ID card database to support a public service delivery agenda

Even when the card is not used to establish entitlement to a service, entries in the database in relation to the use of a public service may appear as part of the set of "registrable facts" associated with an individual ID cardholder, according to data protection law specialist Dr. Chris Pounder.

This new aspect has not been the subject of much public debate which has hitherto been limited to the use of the ID card in connection with entitlement to government services, establishing identity, the control of immigration especially in the field of employment, and to countering false identities used by terrorists.

The new function of ID card databases is defined in the ID Card Bill which defines one of the statutory purposes of the ID card to be the "provision of a secure and reliable method of registrable facts".

Four pages of the Bill outline about 50 items of "registrable facts" about individuals which may be stored, and these facts are to be used whenever it is "necessary in the public interest".

The Bill outlines that this "public interest" test would be satisfied if use of the database was "for the purpose of securing the efficient and effective provision of public services" and the Bill further defines a public service to include "the provision of any service to an individual by any authority".

The accompanying Regulatory Impact Assessment published on the Home Office web-site provides several examples of how this would work.

For instance, the Assessment states that the database could be used for "automated on-line checks between service providers' IT systems" – in particular the verifying of the content of application forms.

This means that an entry in the ID card database in relation to this service might appear against the individual's name, even though an ID card has not been presented for checking. Eventually, the idea is that "the ID card scheme could provide the infrastructure for a one-stop shop for people to notify changes of personal details".

Some government departments are already thinking ahead. The Department of Health, for instance, is already considering whether to merge the ID card with the cards planned for use in connection with health-related matters.

In an announcement made by means of an answer to a Parliamentary Question, MPs were informed that "The United Kingdom is required under European law to introduce the European health insurance card by 31 December 2005" (to replace the E111 forms when UK citizens travel abroad). As the Department was contributing to the Home Office-led identity cards programme, as well as considering the development of a national health service card for patients, the Department was "considering how in the medium term this work programme can best be integrated, so as to maximise the benefits for patients and frontline services".

The Impact Assessment also states that "the old assumption that if you are here you are probably here legally is no longer acceptable" and this infers that ID cards will be needed to access most front-line public services.

Finally, the private sector, especially in relation to the provision of financial services and employment, is likely to be encouraged to use the card. The assessment states that the Government would "work closely with private sector organisations to ensure that the [ID card] scheme develops along lines which will meet their business requirements". This means that links to records of private sector service use are very likely to appear in the registrable facts associated with an individual.

Dr. Pounder, Editor of Pinsent Masons' Data Protection and Privacy Practice, welcomed the new openness of Government in relation to the database. He said: "it has been obvious that the efficiency of public service delivery has underpinned much of the ID card debate, yet this database has hardly been mentioned in public consultation documents about the card".

Dr. Pounder continued: "Now we should be able to have a public debate as to whether the data protection principles should fully apply to the database of registrable facts, whether disclosures from the database to the authorities should be subject to a test of prejudice as it is in the Data Protection Act, or indeed whether the police and security services should have secret access to an audit trail which is likely to describe all the key public and private sector used by each individual resident in the UK."