Ten days ago, the Home Secretary announced that members of the public can make applications for disclosure from police records about anybody who is in contact with children. The Home Secretary’s decision was justified by Home Office research (and not made in order to catch a headline before the General Election campaign). The scheme is going nationwide starting in August.
However, after looking at the research report (see reference below), I believe that no data protection analysis or privacy impact assessment was made during the pilot with respect to disclosure. I believe the research does not provide a reliable basis for extending the scheme nationwide and that the disclosure procedures adopted by the police in relation to disclosure are flawed. Instead of a national roll-out (which risks being disastrous if it drives sex offenders underground), a more in-depth pilot is needed; one which includes some very important data protection considerations.
The procedure adopted by the police in relation to the pilot disclosures, as described in the research report, involves four steps: (1) any person can make a request (e.g. an "enquiry" by email) for information about a “subject”; (2) police then do a trawl of PNC, sex offender and local criminal intelligence data re the subject; (3) a preliminary risk assessment is made (4) enquiries which do not meet the selection criteria are rejected – others move to the “application” for disclosure procedure. A valid enquiry had to pass two thresholds: (1) the subject has unsupervised access to children and (2) the subject lived in the force area (see Table 1 footnote).
However, Table 7 of the research report indicates that “over half (i.e. 54% of applications) did not have unsupervised contact with children”. In other words, it appears that most “applications” for disclosure did not meet the stated criteria for an “application” (i.e. the need for unsupervised access). This suggests that if the preliminary risk assessment proved remotely positive then the nature of any access to children (if any) was irrelevant.
By contrast, if the main criterion for disclosure were to be “unsupervised access to children”, then one would conclude that there would be no need to perform any preliminary check against PNC and criminal intelligence, if the subject did not have unsupervised access. In other words, step(4) of the police procedure should have been step(2); the research made no comment on this anomaly.
The importance of this becomes clear in the following scenario. Suppose an individual does not have any unsupervised access to children and is subject to an enquiry or application. There are likely to be audit trails in criminal intelligence that the subject was checked in connection with an inquiry under the “risk to children” disclosure procedure. Suppose further that individual then applies to work in an area that has access to children and a school (or the Independent Safeguarding Authority) obtains criminal intelligence that “an application” was considered.
The assumption, I think the school (or ISA) could easily make is that there was no smoke without fire. Because someone reported “something” and because the enquiry warranted consideration of “an application”, there might be “an issue” in relation to unsupervised access to children. Such information might then be passed to employers to assess. Now ask a simple question: if you were an employer with a short list of two job-applicants – one of which has this kind of query against his or her name and the other hasn’t - which one do you employ?
The report fails to mention (or appreciate) a number of areas where data protection requirements clearly apply. For example, it agonises over the fact that “some applicants struggled with not being able to pass on information (about the subject) to other people”. The report does not mention the obvious point that if the applicants were to disclose personal data to others, the risk of committing a S.55 offence would be very great. The threat facing applicants is not an actionable breach of confidence by the subject if they were to further disclose details about the subject, the appropriate sanction would be prosecution by the police force that provided the personal data.
In addition, the research ignores a central fairness question. Suppose you were checked by the police and no disclosure to the applicant occurred, should you be informed of the fact that there had been a check. I think the fairness provisions in the Act could require it in many circumstances, although I am the first to admit that this is a very difficult issue. However, one expects research to explore such difficult issues; its omission suggests that this rather basic data protection requirement was not even considered.
Also not considered is the role of criminal intelligence. If an enquiry is made in relation to an individual, one would expect a record of the enquiry would reside in the police’s criminal intelligence systems. Indeed the report notes that the police “value the gathering of additional intelligence”, especially in relation to individuals who are of no risk to children but who are known to the police.
This “additional intelligence” functionality is also a consequence of Step 4 being before Step 2 (see above), and one wonders whether it is appropriate. For example, should personal data be retained on criminal intelligence systems if the subject has no criminal record and was not previously known to the police? If so, for how long? How is it judged that these personal data are relevant or even accurate? Is the recording procedure fair to data subjects? Important questions – all missing – and I suspect considered unimportant.
The small numbers involved in the research is a worry. The pilot areas are not large, and I estimate that a national scheme would scale the pilot disclosure scheme by at least two orders of magnitude. So, should a responsible Government rely on justifying implementing a national scheme based on the research that analysed 159 applications for disclosure, made 43 interviews with applicants, and where there were only 21 disclosures made to members of the public? There are thousands of individuals on the sex offenders register; the pilot interviewed about 8 of them – so are the views of this small group representative. Is there a risk that sex-offenders may go underground if the disclosure scheme goes nationwide?
I also wonder whether the reported “success” of the scheme might be the result of a self-fulfilling prophecy. The report notes that the scheme was not “marketed” particularly well. This could mean that only those with genuine concerns took the trouble to explore “what to do about them” and heard of the pilot disclosure scheme in their area. If this is the case, the applicant would have genuine worries or suspicions prior to contact with the police, so the fact that these suspicions are confirmed should not surprise. More marketing would mean more speculative enquiries from members of the public.
That is why the authors themselves say “these samples represent a small proportion of the overall populations and may not be representative...” and “the findings ...should, therefore, be treated with a degree of caution”. By contrast, the Home Secretary has thrown caution to the wind.
My own view is that the disclosure procedures as described in the report do not provide adequate safeguards for those who get inadvertently get entangled by them; if data protection safeguards are not inserted the disclosure procedures described in the report could easily damage that which they seek to protect.
Finally, I have to mention the fact that this is the second piece of Home Office research that has been interpreted by Government in a cavalier way. The Select Committee’s (see previous blog) stated that the DNA research that justified the six year retention period was distinctly dodgy; now this research is assumed to provide a sound basis for the national roll out.
I have therefore concluded that the Home Office Research Department has to be made independent of the Home Office. You can’t have a research department researching the policies of its own department and then trying to make a claim of impartiality for its research (or in this case, the Department making claims that its own research does not support).
Reference: “Child Sex Offender Review (CSOR) Public Disclosure Pilots: a process evaluation”: http://www.homeoffice.gov.uk/rds/pdfs10/horr32c.pdf. The disclosure scheme was piloted in Cambridgeshire (Peterborough and surrounding villages); Cleveland (Stockton District); Hampshire (Southampton); and Warwickshire (force-wide).