132. Scotland on Sunday, 8 Jan. 17 - SNP accused of 'running scared' of 'super ID database' plans, Scott MacNab
Lib Dem MSP Liam McArthur urged the Scottish Government to end its silence over the controversial NHS proposals
The Scottish Government has been accused of "running scared" over controversial proposals for a "super ID database" in Scotland after dithering for almost two years on the plans.
The proposals would see a sweeping extension of the NHS central register (NHSCR), allowing 120 public bodies to obtain information from it. A public consultation into the plans closed in February 2015.
Ministers have played down concerns and insisted the only change being made to the register ... is the addition of individual's postcodes. Claims of a super ID database have been flatly rejected.
But opposition parties are now demanding that the Scottish Government end its silence on the issue and set out its plans.
Liberal Democrat Orkney MSP Liam McArthur said: "It has been two years since the SNP launched their consultation on creating the super ID database. Despite repeated questioning in parliament, the Scottish Government is unable or unwilling to provide the most basic of answers.
"SNP ministers are clearly running scared. Their proposals for an intrusive super ID database were criticised by experts. All the opposition parties backed the Liberal Democrats in a vote condemning ministers' plans to establish this through the backdoor, without proper parliamentary scrutiny..."
The proposal would see public bodies allowed to access data through an individual's NHS number, including HMRC for tax purposes. Everyone born in Scotland or registered with a GP north of the border has a Unique Citizen Reference Number held in the NHSCR...
Jim Killock, executive director of Open Rights Group, said: "The Scottish Government should come clean and admit these plans were a mistake and that they shouldn't have attempted to sneak them in through a minor consultation."...
Almost 90 per cent of respondents were opposed, including privacy watchdog the Information Commissioner, the Chartered Institute of Taxation and the Law Society of Scotland, which all warned the proposals may be illegal.
The scheme also was rejected by the British Medical Association, Royal College of GPs and Royal College of Physicians and Surgeons.
A Scottish Government spokesman insisted there were no plans to create a super ID database.
"We are considering consultation responses and will set out the way forward on this, and related issues, in due course," he added.
133. Scotland on Sunday - Online Forum, 15 Jan. 17 - Readers' responses to item 132 above
It would be a massive folly to develop a huge single database. Why? Simply because the data could never be sufficiently secure - whether from hacking, from theft, from copying and/or from unauthorised use by the professionals.
A friend of mine was puzzled when she received an email from her dentist confirming an appointment ...she hadn't given her email address to either the dentist or GP's surgery. The dentist couldn't, or wouldn't, say how they had got her details. She had, however, applied for a bus pass - a few months ago - which required an email address to be provided. Coincidence - or an example of data sharing?
134. The Scottish Parliament, 22 Feb. 17 - Question from Clare Haughey
Question S5W-07384: Clare Haughey, Rutherglen, Scottish National Party, Date Lodged: 21/02/2017
Answered by Derek Mackay (22/02/2017):
Ministers have listened carefully to the arguments made during the consultation on proposed amendments to the LEARS Act Regulations, and have concluded that it would not be appropriate to broaden the range of bodies prescribed in legislation who can share data with the National Health Service Central Register, even subject to strong controls. Ministers therefore do not intend to take forward the amendments to this effect originally proposed.
Ministers do believe that it is desirable that a member of the public, who wants to access public services online, can be given the chance to demonstrate their identity easily – and be confident that no-one else is able to pretend to be them, and that their privacy is guaranteed. This becomes ever more important as the Scottish Government takes on new powers, prepares to deliver new services, and aims to make these services as convenient, accessible and user-centred as possible.
Ministers therefore intend to work with stakeholders, privacy interests and members of the public to develop a robust, secure and trustworthy mechanism by which an individual member of the public can demonstrate their identity. Any such mechanism will have to be entirely consistent with the Scottish Government's Privacy Principles, so that members of the public can be confident that their privacy is being protected.
Current Status: Answered by Derek Mackay on 22/02/2017
In summary, the proposal to extend the role of the National Health Service Central Register (NHSCR) to act in effect as a national identity register for Scotland has been withdrawn.
135. Scotland on Sunday, 23 Apr. 17 - Put privacy first and ID system can be a boon, Jim Killock
Many people will be pleased to see the death of SNP plans to use the Scottish NHS Register to help collect income tax and verify the identities of citizens signing up for online government services...
However, Scotland still has the legacy of a potentially very intrusive national identity system that has grown up in a highly ad hoc manner and urgently needs an overhaul – perhaps even dismantling entirely...
The UK ID system was deemed dangerous by campaigners because it had the clear intention of linking people's personal information across government. The ID Card would be linked to a Unique ID number, which would be attached to every record about you in government...
The ID Card was never really the problem with Labour's system, it was the impact of tracking people across every interaction with the government.
The same kind of thinking appears to have been applied in Scotland. Everyone in Scotland is assigned a "Unique Citizen Reference Number" (UCRN) at birth, under a legislative duty assigned to National Records of Scotland. This UCRN was to be utilised by the online "myaccount" logins, and the NHS, linking your activity made across each Scottish Government department.
The UCRN is already employed by the Scottish Entitlement Card, currently used as a bus pass, local library card and for student services in many colleges.
Between the Scottish Entitlement Card, UCRN, myaccount and repurposing of the NHS Register, the Scottish Government would have in place all the key elements of the UK Labour ID system: a voluntary ID Card; persistent linking of data across government, an online login system and a national ID database with the home address of nearly everyone in the country. All this despite its own Scottish identity principles insisting "persistent identifiers" like the UCRN should not be used...
The promise of the current Scottish Government to review the way they approach identity and authentication is very welcome. It needs to look at all of these issues, and move on from the top-heavy, centralised model of the early 2000s...
A truly Scottish identity system could protect rights and provide a major boost to the economy, rather than lumber Scotland with an expensive and unaccountable echo of the Blairite past.
136. Scotland on Sunday, 9 July 17 - ID numbers 'can improve lives' of children in care, Tom Peterkin
An academic has argued that introducing ID numbers would help to build up a picture of the health of children in care.
Experts specialising in looking after Scotland's most vulnerable youngsters have urged First Minister Nicola Sturgeon to consider issuing children with a personal ID number to help monitor their health, education and interactions with social work.
Research involving the Scottish Government-funded Centre for Excellence for Looked After Children in Scotland (CELSIS) has suggested the introduction of a personal number would help tackle the health and education disadvantages suffered by children in care.
Experts behind the research acknowledge that introducing an ID number that is common to health, education and social work records and is retained throughout an individual's life would prove controversial for those concerned about potential breaches of privacy...
A paper involving experts from Strathclyde University-based CELSIS found that it was difficult to compare the health of looked-after children's teeth with those of children not in care. A child's looked-after status did not tend to come up on health records...
Although the Scottish Government has said it has "no plans" to introduce personal ID numbers, [Professor Phil Wilson] said the idea would enable professionals to improve services for the most vulnerable and therefore should be looked at by Sturgeon's review into children in state care...
Wilson said the research had shown that Scotland had exceptional data in a variety of areas, but it was difficult to get an overview of an individual because they were held in different systems...
Sharing of information about children, however, is a political hot potato. The Scottish Government's controversial named person scheme fell foul of European human rights legislation, which objected to sharing of information without permission.
Yesterday Lib Dem leader Willie Rennie said he opposed the idea on the grounds that it could risk individual liberty...
Rennie said: "The SNP government has had an unhealthy attraction to super databases without wider consideration of the risks to individual liberty or security of personal information. We have seen the inherent insecurity of government and business IT systems in recent months. That should be a warning to any government."
A Scottish Government spokeswoman said: ..."There are no plans to introduce a system of ID numbers for looked-after children."
137. Scotland on Sunday - Letters, 16 July 17 - ID numbers for vulnerable children a gift to hackers, Dr John Welford
Unique personal ID numbers have been proposed for children in care as a way to lessen disadvantage
Once again we see the arguments trotted out for introducing unique personal ID numbers and data sharing to assist the most needy in our society ("ID numbers 'can improve lives' of children in care," News, 9 July).
Unfortunately, this can so easily become just a veiled request for ID cards and an increasingly repressive state. But at least the academics presenting this proposal recognise that it "would prove controversial" for those concerned with privacy. However, I wonder whether they've considered the practicalities of introducing such a scheme.
Setting up a national registration service is hugely expensive. But also there are severe data security implications. And this is particularly relevant at a time when we're seeing how cybercrime increasingly puts all confidential information at high risk. Even data security specialists struggle to keep up.
Meanwhile, as the researchers seek to make it simpler to access their valuable "linked" data, they'd also be doing the same for the criminals. The truth is that it's safer to maintain the data in its unlinked state. Compartmentalisation, i.e. not putting all one's eggs in one basket, remains a very sound security principle.
Having a unique ID number has similarities to using a single password for all logins. Highly convenient, but a gift to the cybercriminal.
This letter was submitted in response to the preceding article, item 136.