Privacy group No2ID has warned about plans for a new "strategic data-sharing initiative" targeting people in Greater Manchester that will create a ‘common residents index' pooling the data from almost all public-sector databases in the area.
GM-Connect will be based on a federated data-sharing model that will provide dashboards on every citizen in the area, with public sector workers able to conduct queries across the system to find out every aspect of people's lives.
The project was started in January 2016 and has already cost £500,000, but has not been publicised, claims No2ID.
"The aim of GM-Connect is to allow the sharing of the personal data of residents across Greater Manchester, with a longer-term aim to create a ‘common residents index' of everyone living in Greater Manchester," claims the organisation. "Although the report focuses on the use of GM-Connect in improving social and health care, the ultimate intention is clearly that access to many other public services will be covered."
The system will be similar to the identity card scheme promoted by the last Labour government, as well as the current Scottish government's identity database currently being constructed.
According to a little-publicised report into the scheme, workers across the public sector will be able to conduct broad queries against the federated database in order to "establish trends, identify previously undetected patterns, map relationships, and test scenarios in the context of the individual, family and/or place".
It adds: "Workers will be automatically notified of important life events and changes in residents' circumstances when they occur. For example, a young person moving to adulthood, or a person moving from shelter to homelessness."
No2ID claims that the report into the resident information system barely touches upon the issue of privacy or allowing people to opt-out of the scheme. "Indeed the report does not go into any depth with regards to the legal basis for the scheme, or legal protections on data usage," it claims.
"It is worth noting that significant concerns have been raised by privacy campaigners with the Scottish Identity database around the surveillance capabilities it will give the Scottish government. Although GM-Connect is not (based on current information) as comprehensive as the Scottish scheme, it still has the potential to provide council workers and other public bodies with intrusive access to the activities and lives of Greater Manchester's residents.
"The other big danger with this type of scheme is of course the potential for mission creep," warns No2ID.
The scheme is part of broader £12.4m Transformation Challenge Award to the ten Greater Manchester local councils, £4m of which was specifically allocated to enable "a ‘place-based approach' to ‘data, information and knowledge sharing', spanning all public sector organisations across Greater Manchester", according to the report.
The scheme is being prepared in partnership with the government's Centre of Excellence for Information Sharing and consultants KPMG. The involvement of a central government body indicates that were the Greater Manchester scheme to be rolled out, it would almost certainly be copied nationwide.
Half of all UK businesses hit by security breaches in the past 12 months, according to government Cyber Security Breaches Survey 2020
More businesses and charities than ever are being hit by cyber attacks, according to the latest survey – but organisation are also becoming more resilient
APT41 attacks carried out between January and March targeted unsecured Citrix NetScaler servers and Cisco routers
More and more ransomware groups are starting to steal data before encryption in order to blackmail their victims into paying up
Groups behind Netwalker switched phishing baits to coronavirus last week - as other ransomware groups pledged to avoid medical facilities
The data allegedly belongs to consultancy Brooks International, which refused to pay ransom to cyber criminals