An enquiry into claims that the UK has become a surveillance society has called on the government to strictly limit the data it holds on individuals.

The enquiry added that the government should do more to protect data and warned of ‘function creep’, where information is used for purposes beyond what was originally intended.

A committee of MPs carried out the the enquiry following concerns about government data handling.

Information Commissioner Richard Thomas welcomed the call for data minimisation and the curbing of unnecessary surveillance.

“The more personal details that are collected, the greater the risk that mistakes will occur,” he said. “More and more people now understand the importance of the data protection framework in making sure personal information is collected in ways which are necessary, justified and proportionate.”

But some observers felt the enquiry had done little more than call for the government to stick to the law as it stands.

Ovum analyst Graham Titterington said: “It is restating the fundamental principle that you keep minimum data for specific purposes. The problem is getting the government to accept that what it is preaching to everyone else also applies to government.

“A number of departments are collecting an awful lot of information on individuals and this is growing rapidly. The term ‘surveillance society’ is emotive, but we are certainly going in that direction.”

Titterington said that the enquiry’s widening of the debate to data loss incidents and the ID card debate was unhelpful.

“There is a lot of furore about data losses but this is not related to this debate as the tax authorities, for example, were not collecting data they shouldn’t have,” he pointed out. “And the issue about ID cards is not so much about the basic information collected when it is issued but that it may be tracked every time it is used.”

The MPs’ report backed the use of privacy impact assessments before developments took place that could increase surveillance. The assessments would consider the impact on individuals and ensure safeguards were in place to minimise intrusion.

Titterington said the assessments could be a useful tool even though much public sector data collection was governed by secrecy laws.”

Vin Bange, data privacy expert at law firm Eversheds, said: “It is hard to see a firm standard to set out what you do or don’t do for privacy impact assessments. Private organisations already use them, especially in employment; they stick to the Information Commissioner’s Office code of practice. There is a definite case for transferring this to the public sector.

“The report is a shot across the bows of public organisations that ought to take a different view of the way they collect data. Organisations have been ramping up the amount of data they collect and what they are using it for.”

Bange said that organisations without a data strategy created real risk, and the more data they collected, the harder it was for them to understand when to get rid of it.

“Organisations might have a fantastic flair for coming up with data interrogation ideas,” he said, “but they are lacking at the back-end and need to get that back-end in order.”