In the comedy series Yes Minister!, permanent secretary Sir Humphrey Appleby observed that it was always best to "get the difficult bit" out of the way in naming any new piece of legislation. In Yes Minister! world, a bill would often do the opposite of its title. And so in light of recent trends towards greater intrusion of the state into citizens' and organisations' data, the Protection of Freedoms Act 2012 makes interesting reading.
The Act received Royal Assent on 1 May 2012 and commencement orders will be issued from July 2012 to enact some of the measures.
Most of the Act's measures are uncontentious – such as the requirement for schools and colleges to obtain parental consent before taking fingerprints of children under the age of 18.
However, a number of them demand closer scrutiny, because data – its collection and, importantly, its retention – lies at their core.
Perhaps the most contentious measures involve the retention of DNA and fingerprint evidence, which is taken as a matter of routine by police from anyone they arrest and, in some circumstances, detain for questioning.
Prior to the Act, police forces up and down the country were building a de facto DNA database, given that when someone was arrested but not charged with an offence, their DNA and fingerprint data would automatically be retained indefinitely.
Under the new Act, such evidence can still be retained indefinitely if suspects have previously been found guilty of a serious crime, but will be destroyed for suspects with no previous convictions – albeit after a three-year period. On top of that, if someone – in the judgment of the chief constable – is arrested unlawfully, their DNA and fingerprints can also be erased from the system.
However, where the legislation becomes extremely vague is clause 9, which covers national security. This enables any DNA or fingerprint evidence to be "retained for as long as a national security determination made by the responsible chief officer of police has effect in relation to it".
This clause was criticised by Parliament's Human Rights Joint Committee when it examined the Bill last year. In a report, it wrote:
"We are concerned that the Bill would create a broad ‘catch-all' discretion for the police to authorise the retention of material indefinitely for reasons of national security. We are concerned that the Minister has not provided a justification of why this power is necessary and proportionate, particularly in light of specific measures targeted towards retention in relation to counter-terrorism and immigration."
It concluded: "Without further justification or additional safeguards, these measures should be removed from the Bill."
More positive, though, are the amendments and extensions to the Freedom of Information Act. First, Freedom of Information will be extended to cover the "wider public sector". This will include, for example, the Association of Chief Police Officers, Financial Services Ombudsman and UCAS, the higher education admissions organisation.
Public bodies will also be obliged to provide requested information in electronic format, if that is the form in which it is held – rather than printing it off, or sending the information as an embedded image, for example.
They will, therefore, also need to provide the underlying data in many instances.
The Act will also oblige public bodies to make "datasets" publicly available for re-use, albeit for a yet-to-be determined fee.
The expectation is that any fee structure will be modest, so that entrepreneurial people might be able to build businesses exploiting these datasets.
• The underlying signs, therefore, are of a government finding more ways to drive economic advantage from the data that it collects about its citizens.
"The Data Bank of England" is opening – slowly, but surely – by a gradual accumulation of legislation. Its currency is data and datasets about UK citizens. See Computing's 10 May print issue for more details.
Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes
Focus on cost efficiency, simplicity, performance, scalability and future-readiness when architecting your data protection strategy