The devil in the detail

The government is on to a loser with its careless approach to our personal data

Six months since the taxman posted half the nation's bank details to the Dark Net, we finally have our independent reviews. On the day David Cameron congratulated Gordon Brown on his first year as PM, the government saw fit to release not one, but three, reviews of its catastrophic record on data loss. Two were for Her Majesty's Revenue and Customs - one by Kieron Poynter, the other by the Independent Police Complaints Commission - and one by Edmund Burton for the Ministry of Defence, which lost the records of 600,000 military hopefuls in January. There, don't you feel better?

These data-loss scandals made headlines at the time, but since then it appears nothing has changed. Tales of government departments being crippled by emergency rules that forbid civil servants to take laptops out of the office, until those higher up have decided how to secure the personal data they contain, have reached the ears of those who follow this sort of thing. Yet it hasn't put a stop to the steady ebb of personal data lost by the public sector. In the months since November's Datagate, the offices of the Information Commissioner in Wilmslow, Cheshire, have acted as a sort of confessional, with everyone from the police to the NHS queuing up for redemption.

More worryingly, this government still hasn't got the message just how dangerous is its transformational government (read "total information awareness") agenda, politically and practically. Although it had been hoped that a change from Tony Blair to Brown might provide a chance to scrap Labour's draconian identity card scheme, that now seems unlikely. Laughably, the May by-election campaign in Crewe and Nantwich was actually built around ID cards.

The recommendations made by Poynter echo those put forward by a recent Commons home affairs select committee review in a document entitled A Surveillance Society. In brief, to meet the challenges of the digital age, government departments must, among other things (such as not burning personal data on to unencrypted discs and sending them by carrier pigeon to the Isle of Wight), operate a policy of data minimisation. That means holding the least information possible in order to complete the task in hand.

How does this square with government initiatives such as ContactPoint (the complete, unabridged database of the nation's children), the NHS data spine, the police DNA database or the Home Office's recently leaked plans (fear them, for they are indeed true) to capture communications traffic data for the entire nation and store it in a big shed somewhere outside Cheltenham? In a word: badly.

All of which means this administration needs to find a reverse gear some time before 2010, or it won't (only) be the other half of the nation's bank details that it loses - it will be the next general election.