Out of ideas

February 29, 2008

Truancy rates in England’s schools are at their highest since 1997.

An estimated 63,000 pupils truanted every day, equating to 1% of all school sessions missed without a valid reason. This is also a rise of a quarter, or 0.21 of a percentage point, on comparable figures from last year which were 0.79%.

The government has written to local authorities urging them to keep up the pressure on persistent absenteeism.

Um, because it’s worked so well in the past?

How much money is your local authority wasting on truancy sweeps, then? Go on, send them an FOI request and find out.


Fingers in ears

February 29, 2008

The latest output from the Cambridge review of primary education, this time on what they describe as the “state theory of learning”:

The biggest inquiry into primary education for 40 years concluded yesterday that Labour’s tight, centralised control of England’s primary schools has had a devastating impact on children’s education. Micromanagement, meddling and a succession of ministerial edicts have killed the spontaneity in the nation’s classrooms. Teachers have been stripped of their powers of discretion. And the net result of a decade of new Labour “reform” has almost certainly been a decline in the quality of education that the young receive.

The government has gone for one of its two preferred responses:

A spokeswoman for the Department for Children, Schools and Families dismissed the research as “recycled, partial or out of date”.

Presumably the ad hominem attack option will be saved for another day.

Damilola Ajagbonna

February 21, 2008


Ironic that the Home Office wants people to earn the right to stay in this country when they’re just about to deport a lovely young man who has done more than his fair share of joining in.

The Independent puts it like this:

A “remarkable” immigrant, honoured this week by the Church of England for his contribution to British society, has lost his legal battle to stay in this country.

Damilola Ajagbonna, 19, whose academic record has won him places at Cambridge and Sheffield universities, said he was bitterly disappointed after the Court of Appeal yesterday turned down his final appeal for the right to live here. He is expected to be ordered to return to Nigeria in the next few weeks.

Even the Daily Mail has joined in:

By any standards, 19-year-old Damilola Ajagbonna must be counted among those migrants who have triumphed against the odds to become shining assets to their adopted country.

There’s lots more about Dami here, here and here (the picture at the top comes from that story in ‘Bedford Today’) or try sticking his name into a google search.

Dami lost his last appeal a couple of weeks ago, and it’s now up to the mercy (or otherwise) of the Home Secretary whether he’s allowed to stay, or has to leave behind the aunt and uncle who have brought him up for the last 8 years and be shipped off to Nigeria.

Please write to Jacqui Smith and ask her to let Dami stay. As well as everything else you’ve read above, I know this guy and, believe me, he’s terrific. Everyone in the children’s sector is completely gutted about his impending deportation.

The details you need:

The Rt Hon Jacqui Smith MP
Home Secretary
Home Office
2 Marsham Street
London SW1P 4DF

emails: smithjj@parliament.uk or public.enquiries@homeoffice.gsi.gov.uk

Children’s Database briefing

February 21, 2008

By coincidence, a few days ago we put together a joint briefing on children’s databases with FIPR, Liberty, NO2ID, Open Rights Group and Privacy International with the idea of giving journalists some background detail when they write on the subject.

It’s not available online yet, but you can download it as a word doc here or click on the rolling banner at the top of the ARCH website.

Contactpoint: carry on regardless

February 21, 2008

The Government announced in a Written Ministerial Statement today that they will carry on as planned in introducing Contactpoint this autumn, despite clear warning in the security review commissioned by DCSF that it can’t be secured:

Database holding details of every child in England ‘can never be secure’

A controversial Government database containing the personal details of every child in England will always be at risk of security breaches, a report warned today.

An independent study by Deloitte called for “further controls” to be introduced over “access to data” on the £224 million ContactPoint system.

…The Deloitte report said: “It should be noted that risk can only be managed, not eliminated, and therefore there will always be a risk of data security incidents occurring.

“What is important is that all practical steps to reduce the risk of incidents occurring are taken and, when an incident occurs, that it is handled and managed effectively.”

The Government does not intend to publish the full report. Since the Written Ministerial Statement won’t be up on Hansard until tomorrow at the earliest, here it is in full:



The Parliamentary Under Secretary of State for Children, Schools and Families (Lord Adonis): My hon. Friend the Parliamentary Under-Secretary of State for Children, Young People and Families (Kevin Brennan) has made the following Written Ministerial Statement:

I am publishing today the findings of the independent review of the security procedures of ContactPoint, conducted by Deloitte, and the Government Response. I acknowledge Deloitte’s recognition that security is ingrained in the ContactPoint Project team’s work. The Government accepts all the report’s recommendations and will address them.

ContactPoint is a key element of the Every Child Matters programme to transform children’s services by supporting more effective prevention and early intervention. Its goal is to improve outcomes and the experience of public services for all children, young people and families. ContactPoint will provide a tool to support better communication among practitioners across education, health, social care and youth offending. It will provide a quick way for those practitioners to find out who else is working with the same child or young person.

ContactPoint will be a simple basic online tool containing:

· minimal identifying information for each child; name, address, date of birth, gender, and contact details for parents or carers. Each child will also have a unique identifying number;

· contact details for the child’s educational setting and GP practice and for other practitioners or services working with them; and

· an indication as to whether a service or practitioner holds an assessment under the Common Assessment Framework or whether they are a lead professional for that child.

No case information will be held on ContactPoint.

Security is of paramount importance in the development of the ContactPoint. A number of measures will be in place to ensure security:

· Access will be restricted to those who need it as part of their work and will be limited to that needed to fulfil each role.

· Everyone with access to ContactPoint, including operators or administrators, will be subject to stringent security checks, including enhanced Criminal Records Bureau clearance and membership of the Independent Safeguarding Authority (ISA) Scheme.

· At least 2-factor authentication will be used to access ContactPoint. Users will need a security token and a password.

· All users will be trained in the importance of security and the importance of good security practice.

· Every access to a child’s record will be detailed in the ContactPoint audit trail. This will be regularly reviewed.

· Sanctions will be in place for any misuse. These sanctions can include, if appropriate, prosecutions under the provisions of the Data Protection Act and Computer Misuse Act which may lead to fines or imprisonment.

· The design and implementation of ContactPoint will continue to be reviewed by independent security experts during system build and before it is implemented. Security will of course be audited during operation.

These issues will be reflected in the guidance and staff training that will govern the operation of ContactPoint.

On 20 November, the Secretary of State for Children, Schools and Families decided to commission an independent review of ContactPoint’s security procedures, and I announced this in a Written Ministerial Statement to Parliament on 27 November. The review was undertaken by Deloitte. The Secretary of State and I received Deloitte’s confidential Report in early February. I am today publishing the Executive Summary of this Report, which includes Deloitte’s recommendations. This Statement includes the Government’s response to the recommendations. Both this Statement and the Executive Summary will be placed in the libraries for reference.

The main body of the Report necessarily includes information about the security arrangements for ContactPoint. We will not, therefore, publish the full report in order to minimise the kind of security risk our procedures are designed to prevent.




The Government welcomes the report from Deloitte on the ContactPoint Data Security Review. We acknowledge their recognition that security is ingrained in all aspects of the ContactPoint Project team’s work. We accept all the report’s recommendations and will address them. The first task is to undertake an impact assessment of the detailed recommendations contained in the report. A statement outlining ContactPoint’s security policy is available from http://www.everychildmatters.gov.uk/deliveringservices/contactpoint/security/. The statement will be updated to reflect changes as a result of ongoing work on security, including addressing the recommendations in this report.

The Report’s Recommendations

Clear communication of responsibilities and accountabilities when the governance process is communicated to sponsors and partner organisations

· We recognise the need for the Department to communicate clearly to Local Authorities and partner organisations, who will use ContactPoint, exactly what their responsibilities are and what is required of them. We are developing a comprehensive programme of training, readiness assessments and accreditation checks to ensure these organisations are properly prepared for these responsibilities. The review has identified a number of areas which will be critical to get right as these plans develop. We welcome this advice and will follow it as we finalise our plans.

Technical and procedural controls are subject to formal assurance under a recognised standard

· In determining the security policy for ContactPoint, the Project followed Government guidance on risk assessment and security controls set out in the Manual of Protective Security. The Manual was updated in August 2007. The design of ContactPoint is currently undergoing a re-baselining exercise. Once this is complete, we will fully update the risk assessment against the new criteria and initiate a formal, external assessment to ensure these risks are effectively controlled. The scope of this will include the self-certification and Local Data Quality Tool process issues highlighted by the review.

Further controls are introduced over the access to data by central system users such as database administrators and report programmers

· The review has correctly identified that we have significant controls in place to ensure the security of the core database, but has identified some areas in which these could be further improved. The ContactPoint project will undertake a rapid impact assessment to determine the most effective approach in our specific context, and will build this into the deployment plan.

Processes are defined for the secure disposal of electronic and hard-copy media

· Temporary guidance was issued to ensure secure storage and/or disposal of media used for initial load of data into the database. This was effective at the time, and will be reviewed against latest government-wide best practice to inform standards for production processes. These additional controls will be in place before any data is loaded into the User Acceptance Test or Live systems. The Live system will also be designed to minimise, and where possible eliminate, the use of physical media.

Clear guidance about information security matters is provided to all helpdesk staff on the production system

· The Deloitte review has highlighted one occasion where helpdesk guidance did not reflect best security practice. Formal helpdesk training has not yet taken place, and training plans will be reviewed to ensure that helpdesk staff are aware of security best practice, including the areas highlighted by the review.

The Project Board should consider the appropriateness of obtaining formal independent assurance and accreditation of the supporting security operating procedures at connecting organisations before allowing connectivity or sponsorship

· The Department is still preparing plans for accreditation of connecting organisations, and will take this recommendation into account as those plans are finalised.

The DCSF participate in government-wide security initiatives

· DCSF is already participating in these initiatives through our Chief Information Officer, especially those focused on data security, privacy and strong user authentication. We will take into account all best practice guidelines arising from this work to keep ContactPoint at the leading edge of security practice.

More skeletons

February 21, 2008

It’s just endless:

The Ministry of Defence is launching a new inquiry after admitting to the loss of two more laptops containing unencrypted personal details. The additional losses came to light during the investigation of the theft earlier this year of a laptop containing 600,000 peoples’ personal details.

This takes the biscuit:

Departmental minister Parmjit Dhanda told MPs, “The official data on each of the laptops was not encrypted because none of the information was classified.” In an attempt to reassure MPs, he added, “Each laptop was password protected.”

The real security risk

February 20, 2008


1) This morning the papers are full of the news that a disc containing data about convicted criminals was ‘mislaid’ for a year, eventually turning up covered in dust on someone’s desk. Doubly appalling is this gem from the CPS statement:

“This is not a data security issue as this information was always in the possession of the CPS.”

2) BBC local news a couple of nights ago carried this story about a heap of files that turned up in a derelict council building in North London. When Lynne Featherstone, MP for Haringey, challenged the council, she was astonished to be told that they were only ‘old’ files.

3) You may remember that we blogged in December about schools taking unencrypted pupil data off school premises – a story covered on BBC R4’s ‘Learning Curve’ last week.

After we spoke to Annette Brooke MP, LibDem spokesperson on children, she asked the following question – and got a deeply worrying answer:

Annette Brooke: To ask the Secretary of State for Children, Schools and Families what steps his Department is taking to prevent school staff removing unencrypted sensitive pupil data from school premises. [178044]

Jim Knight: Becta is responsible for producing and publishing guidance for schools on how to ensure the security of their IT systems. Becta’s latest guidance was published in September 2007 and is available on its website. This guidance includes information for schools on monitoring the physical security of ICT equipment, data security and the security of pupil information and data.

In other words the government abrogates all responsibility for data security in schools to a Non-Departmental Public Body.

Three separate examples, but one underlying factor. Despite the CPS insistence that “this is not a data security issue” (“these are not the droids you want”?) all three go to the heart of the real problem: the biggest threats to data security come from insiders who do not take their responsibility for other peoples’ data seriously enough.

No amount of money spent on ‘secure’ systems is going to stem the tide of data breaches if those in charge of the data cannot recognise that their attitudes are the real data security problem. And until that culture-change happens, our private information is simply not safe in their hands.

Children’s DNA retention

February 17, 2008

We’ve at last had an opportunity to bring our information about children on the National DNA Database up to date. The full, grisly story is here.

Life imitating art

February 15, 2008

Someone’s been combing the Armstrong and Miller show for policy ideas:

Ex-servicemen and women should be retrained as teachers to bring military style discipline to tough inner city schools, a think tank has said…The Centre for Policy Studies says ex-soldiers could have a profound effect on discipline and learning.

A quick look at the army recruitment site raises a rather fundamental objection. What attributes do you need to become a soldier?

Qualifications: No specific requirements – except for technical jobs

Here we go again

February 14, 2008

From the BBC:

A laptop containing the medical records of more than 5,000 patients has been stolen from a Black Country hospital.

Another harrumph

February 13, 2008

A lovely opening slap on the rule of law from High Court Judge, Mr Justice Mitting:

Section 174(1)(b)(i) of the Criminal Justice Act 2003 requires a court passing sentence to explain to an offender in ordinary language the effect of the sentence. This requirement has been in place since 1991. These proceedings show that, in relation to perfectly ordinary consecutive sentences imposed since the coming into force of much of the Criminal Justice Act 2003, that task is impossible. Indeed, so impossible is it that it has taken from 12 noon until 12 minutes to 5, with a slightly lengthier short adjournment than usual for reading purposes, to explain the relevant statutory provisions to me, a professional judge.

The position at which I have arrived and which I will explain in detail in a moment is one of which I despair. It is simply unacceptable in a society governed by the rule of law for it to be well nigh impossible to discern from statutory provisions what a sentence means in practice.


February 13, 2008


The Times headlined today on the appearance of a ‘new’ database:

All 14-year-old children in England will have their personal details and exam results placed on an electronic database for life under a plan to be announced tomorrow.

Actually, every child already has a vast amount of personal data on a national database from the time they first go to a childminder or nursery. The National Pupil Database has been in existence for around 8 years. It includes behaviour and attendance data, key stage test and exam results and all sorts of information about ethnicity, special needs and entitlement to free school meals. It’s a permanent record, bolstered by thrice-yearly collections straight off the school system.

Since around 2003 there has also been an ‘Individualised Learner Record’ (ILR) containing data about courses and qualifications taken by everyone over 18. This is now to become MIAP and the age of entry has been lowered to 14. The idea is that students themselves will have direct Internet access to their records, and they can also compile a profile which they can allow prospective employers, admissions tutors etc to access.

I won’t claim to be laid back about the MIAP system – caveats about data security and function creep apply – but on the ARCH scale of horrifying databases, it doesn’t score highly. I can also see that there may be advantages to giving students direct access: it makes it easier to check its accuracy because it’s far less cumbersome than making subject access requests. Allowing a student to grant an employer access to a restricted profile saves the hassle of sending of for copies of lost exam certificates. The key to it all will be whether it remains in the control of the student and not the government or the Learning and Skills Council.

We were a bit puzzled about this sentence:

Last night teachers’ leaders, parents’ organisations, opposition MPs and human rights campaigners questioned whether this Big Brother approach was necessary and said that it could compromise the personal security of millions of teenagers.

I’m not sure which ‘human rights campaigners’ expressed a view. We were not contacted here at ARCH, which is surprising when we’re the only org working in children’s data protection/privacy rights, and nor were any of the ‘usual suspects’ as far as I can ascertain.

I guess what really concerns all of us is the prominence given to a story about MIAP, when the eCAF – now to be extended right into the whole family – hasn’t received the attention it urgently needs. Nor have a heap of other utterly objectionable databases. Now that really would merit the frontpage treatment, but newspapers are reluctant to run stories unless there’s a ‘news hook’ for them, and the government is being very careful not to provide one.

If you still don’t know what eCAF is all about, click on the logo above or watch our Youtube film – and spread the links as widely as you can.

The interlude

February 12, 2008

The fluey bug I’ve been trying to ignore has finally overtaken me. While I convalesce, take a look at this brilliant blog post.

HT: B2fxxx

Bigger than yours

February 8, 2008

Just noticed in passing this answer on Hansard to a Parliamentary Question about the government’s obesity strategy:

the National Child Measurement Programme (NCMP) is an important element of the Government’s work to address the serious and growing problem of childhood obesity. Established in 2005, the NCMP weighs and measures children in reception year (aged four to five years) and year six (aged 10 to 11 years). Significantly improved coverage has produced one of the largest collections of data on children’s height and weight in the world

I bet it has! In fact there’s probably more child-data swilling around the UK than in the rest of the world combined, but whether that’s something to be proud of – like, say, having the largest stamp collection – is another matter.

NB. In the earlier part of the answer (won’t bore you with the whole thing) Dawn Primarolo finds a whole new ‘at risk’ category, as in: “families that are most at risk from child weight issues”.

Did you know you’re at risk?

February 5, 2008

Hot on the heels of the government’s ‘Think Family’ report this conference blurb from Capita dropped into my mailbox:

Early Intervention for Families At-Risk Conference

The Think Family report, published by the Social Exclusion Task Force in January 2008, has launched a comprehensive Early Intervention strategy uniting services for children, young people, parents and families to improve outcomes for all.

Attend this event to gain valuable ideas and help parents in your communities realise and even raise their expectations of themselves and their children. Benefit from the opportunity to network with other stakeholders who share your commitment to delivering an holistic birth to adult inclusion programme.

I guess the new ‘at risk’ brand makes a change from the stale old ‘Every child/family/parent/OAP/dog Matters’ strapline…