Cahal Milmo writes in The Independent:

Medical and social security records kept by public bodies are being unlawfully or inappropriately accessed dozens of times a month and hundreds of civil servants disciplined for data offences, according to Government records.

Staff at the Department for Work and Pension (DWP) are being reprimanded at a rate of nearly five per day for breach of the rules governing its vast database – thought to be the largest of its kind in Europe – while the Department of Health (DoH) last year recorded 13 cases a month of unlawful access to medical records.

The statistics, obtained by Channel 4’s Dispatches under the Freedom of Information Act, will increase concern about the security of personal data and the ease with which private investigators are selling access to personal and confidential information, much of which is held on state computer systems and is illegal to obtain without suitable authorisation.

Chris Pounder writes on the HawkTlk blog:

Should you be fined if you failed to register with the local police, the national security agencies, any Government Department or a Credit Reference Agency? Should the national security agencies, for instance, be entitled to create a population register, the core of which could be similar to that of associated with the ill-fated ID Card (much beloved by the previous Government)?

Surprised by these questions? Both these outcomes are possible, courtesy of the Electoral Registration and Administration Bill just published following last week’s Queen’s Speech.

This Bill allows for individual electoral registration; this means that each elector must apply individually to be registered to vote. To ensure that all voters are registered, the Bill permits extensive data matching powers to verify applications, to check existing entries in electoral registers against other sources of data, and to hunt for individuals who do not currently appear on the electoral roll.

Also like registration for an ID Card, there will be a civil penalty for those who fail to make an application when required to do so by an Electoral Registration Officer (“ERO”). This continues the compulsion under the current law which makes it an offence if an individual fails to provide information to an ERO when asked.

The details provided on such registers are usually the voter’s name, address, nationality and age; however the associated Privacy Impact Assessment adds that the register will need to have access to Nationality (plus immigration status where appropriate), NINO and previous and/or alternative address. All these details formed core elements of the ID Card’s database (the National Identity Register or NIR).

Each full register is updated every month and published once a year. Like the ill-fated NIR, the full register can be used for several purposes: there is the obvious electoral purpose, a prevention and detection of crime purpose, a safeguarding national security purpose and a purpose related to checking the identities of individuals who have applied for financial services.

Tom Whitehead writes in the Daily Telegraph:

An attempt by Theresa May to defend proposed new snooping powers backfired yesterday when she was contradicted by her own child exploitation experts.

The Home Secretary told MPs that nine members of a 41-strong international paedophile ring had never been traced because necessary internet data on them was not available.

She used the case as a reason why the Government plans to force communications providers to retain all phone and internet activity by its users, which can then be accessed by the police and security services.

But within hours of her warning, the Child Exploitation and Online Protection Centre (Ceop) revealed the case was five years old and may have had a different outcome today, regardless of any new powers.

The reason officers were unable to trace nine of the suspected paedophiles in the 2007 case was because records then were only retained for three months.

The current practice now is for companies to retain records for at least a year and a Ceop source admitted that may have made a difference in the case had been live today.

Dr Joss Wright writes in detail on the LSE Politics blog about CCDP. He concludes:

While the above arguments have focused to some extent on technology and the risks that come with its misguided application. A more important and fundamental argument, however, is that the proposed approach follows and accelerates a worrying trend towards blanket and unwarranted surveillance of the population in the hope of identifying those who may commit crimes. With the wealth of information revealed by communications data, the appeal to a Home Secretary of an algorithmic black box that can magically identify terrorists is, perhaps, understandable, at least to those unfamiliar with the concept of the base rate fallacy; such a view, however, violates the basic principle that individuals for whom there is no evidence or suspicion of wrongdoing should not be targeted. Without this principle, where does the surveillance and intrusion into our lives end?

There are many arguments against surveillance of the type proposed in schemes such as the Communication Capabilities Development Programme, and I have touched on only a fraction. In the past, technical and economic feasibility, as well as compliance with EU law, have proved some of the most powerful of these arguments, and they will remain so. Despite this, I believe that our arguments should stem first and foremost from the fact that blanket and unwarranted surveillance of the population is deeply wrong, both in terms of our fundamental human rights and in our most basic values as a society. Until that argument is won we will never see the end of these misguided and damaging proposals.

Graeme Burton writes in Computing about the recently enacted Protection of Freedoms Act:

Perhaps the most contentious measures involve the retention of DNA and fingerprint evidence, which is taken as a matter of routine by police from anyone they arrest and, in some circumstances, detain for questioning.

Prior to the Act, police forces up and down the country were building a de facto DNA database, given that when someone was arrested but not charged with an offence, their DNA and finger print data would automatically be retained indefinitely.

Under the new Act, such evidence can still be retained indefinitely if suspects have previously been found guilty of a serious crime, but will be destroyed for suspects with no previous convictions – albeit after a three-year period. On top of that, if someone – in the judgement of the chief constable – is arrested unlawfully, their DNA and fingerprints can also be erased from the system.

However, where the legislation becomes extremely vague is clause 9, which covers national security. This enables any DNA or fingerprint evidence to be “retained for as long as a national security determination made by the responsible chief officer of police has effect in relation to it”.