Introduction

In order to carry out their work, public services collect, process and store vast quantities of data relating to every man, woman and child in the UK. Yet public officials and data subjects alike are confused about the powers that government agencies possess to exploit those data and the safeguards that have been put in place to protect the privacy of the individuals to whom they belong. On the one hand, the impact of the poll tax in reducing rates of returns for the 1991 Census apparently revealed a widespread assumption that different government departments routinely pool personal data. On the other hand, successive reports on child deaths following neglect or abuse – such as the Laming report (2003) into the death of Victoria Climbié – or reports into homicides by people with paranoid schizophrenia who have lost touch with services – for example, Christopher Clunis who in the 1990s killed Jonathan Zito – regularly criticise public services for failing to share data, even about high-risk cases.

Government ministers and public servants often speak of a ‘balance’ to be struck between data privacy, on the one side, and the advantages to the public interest from greater sharing of personal data, on the other. In the last few years, however, imperatives on government agencies to share more personal data have become much greater, as a result of fundamental shifts in social policy, as well as wider policy pressures for the ‘modernisation’ and ‘joining up’ of public services (6 et al, 2002). At the same time, too, the British government has domesticated into British law the European Directive on data protection in the 1998 Data Protection Act, and also the European Convention of Human Rights, in the 1998 Human Rights Act, which now acknowledges privacy as a fundamental right. The question of the ‘balance’ between these two imperatives has therefore risen much higher up the public policy agenda than was previously the case, but the question of where and how such a balance should be drawn is still far from being satisfactorily addressed.

In late 2003, the government issued legal guidance on data sharing, arguing that where departments are carrying out functions for which there are proper legal powers, the sharing of personal data for such purposes requires no special authorisation, so long as the principles of data protection law and confidentiality law are followed (DCA, 2003). However, this guidance may be challengeable, turning as it does on definitions that some lawyers continue to regard as contestable. Many public services remain unsure about their exact legal position, not least because they have low confidence in making judgements about who ‘needs to know’ what information for what purposes, to meet the requirements of confidentiality law and data protection principles.