Millions of records are inaccurate

Thursday, January 22, 2009

All but one government department has no system in place to correct data errors, an investigation has revealed.

Tom Ilube, the chief executive of the identity management company Garlik, revealed that just one department has a procedure in place to correct errors within its databases. Ilube discovered this after submitting a Freedom of Information request to each central government department asking if they have a system in place to correct data errors.

The education watchdog Ofsted is the only organisation to get a clean bill of health, with major government departments like the Cabinet Office and the Department of Health admitting to no procedure in place.

Speaking on BBC Radio 4's Today programme, he said: "When you see it written down in department after department, 'no we haven't been audited, no we don't have any written policies, no we don't have a budget, no there are no statistical information,' it does take you aback.

"What it says to me is that these departments are not taking looking after personal information seriously. [Government is] really getting to dangerous levels of complacency in [its] ability to look after our personal information."

Also speaking on the programme, Dr Louise Bennett, chairwoman of the British Computer Society's security forum, said: "Every department will have tens of millions, hundreds of millions of records. The chance of it all being accurate is absolutely nil. Between one and five per cent of the data in databases across the public and private sector is inaccurate," which could potentially mean millions of records are wrong.

Giving a personal example, Bennett said her postcode is always wrong on NHS databases so she gets the wrong person's test results. She said she has resorted to delivering them to the correct person herself and exchanging telephone numbers to stay in touch when it happens again.

"Every time I've been to a hospital to have a test, I've told them they have the wrong postcode and asked them to change it. It's been going on for at least 10 years," she said.

Although it is not an offence to have no procedure to correct data errors, data protection regulations do require that records are kept up-to-date.

The findings of Ilube's investigation were shown to the deputy information commissioner in charge of data protection, David Smith, who told the Today programme the research was "worrying" and said the Information Commissioner's Office (ICO) wanted to carry out spot-checks and impose fines on those that breached regulations.

"We welcome the new powers that have been given to the Information Commissioner's Office and we will use them," he said. "The responsibility for getting it right rests with the departments themselves and it is vital that they have the systems in place to deliver correct and accurate records."

Smith added that looking after personal information should be a board-level responsibility, with accountability at senior management levels.

"Government does need to do more to ensure that it delivers a service as good as that delivered by the private sector," he said.

Bennett said there needs to be a culture change in government and called for some sort of "gold standard" to be adopted. "Someone needs to take control," she said. "This whole thing should be sorted out by total quality. Right first time and every time and certainly I have seen departments where there are just targets for getting data in, not targets for getting the data in correctly. All of these things it matters that it is accurate."

Ilube added: "If you are going to be a government department holding a database with millions of people's information, you must have a duty of care. It is your responsibility to ensure that information is accurate and you need to put the effort in to make sure it is."