A fundamental flaw with the scheme (now known as ContactPoint) is the idea that you can give upwards of a third of a million people access to a system and expect its contents to remain secret in any kind of cost-effective way. And, of course, any sensible person would reason similarly:
If you allow large numbers of people access to sensitive data it’s never going to be secure. You can’t protect it. ContactPoint should simply never have been built.”[From Database delayed: Critics fear children may be in danger | Education | The Guardian]
The dangers inherent in this kind of system, that collects sensitive data and then opens it up, do not need to be repeated. Nor are the restricted to the public sector. In today’s Korea Times I read that:
Two CDs, containing the private information of more than 11 million people (including politicians and government ministers) were found in pile of rubbish in Seoul. GS Caltex, the oil company from where the data had leaked, said that they took private information very seriously and only 12 employees were authorised to access the database.
They can’t keep the stuff safe with only 12 authorised users, so goodness knows how ContactPoint is going to keep it safe with 300,000 of them. It would only be a matter of time before some minor functionary in local government left a laptop on a train, or a management consultant analysing the data lost a USB key, or whatever, and the whole database would be exposed.