For immediate release, 21/2/08
A report commissioned by the government following the HMRC Child Benefit
data breach last year confirms that the ContactPoint database , intended
to contain the details of every child and parent in the country, can never
be made secure. This confirms objections that NO2ID  and other
campaigners have been pressing since the passing of the Children Act 2004.
The report by Deloitte and Touche , of which a summary was published this
afternoon, says: “It should be noted that risk can only be managed, not
eliminated, and therefore there will always be a risk of data security
The government has refused to publish the full report, ‘for security
reasons’. In essence it is trying to ignore the problem.
It appears from the Executive Summary that has been published that Deloitte
confirms some of the issues identified by campaigners well before the
legislation had been passed.
Phil Booth, NO2ID’s national coordinator, said:
“If the report identifies problems in ContactPoint, then the government
should face up to them – not try to keep them secret. Ministers can no
longer say, “You’ll just have to trust us”. We know we can’t.
“If the governmen’s own report says no system accessible by over 300,000
people can ever be made secure, the answer is not to ignore it and hope
everyone forgets. What will they do when – not if – the system is abused?
Hide that too?
“ContactPoint is just one more case where official face-saving trumps the
basic rights of the general public. Behind the cosy slogan, ‘every child
matters’ seems to mean putting every child equally at risk. If the
government cared about more than sloganising, it would scrap the whole
scheme immediately. ”
Notes for editors
2) NO2ID is the UK-wide non-partisan campaign against ID cards and the
database state. See http://www.no2id.net/dbstate.php for a list of ‘database
state’ initiatives that NO2ID is actively opposing. NO2ID also comments
specifically on the Children Act 2004 data-sharing powers: