When is anonymous not anonymous?

We seem to have a bit of a stand-off with the Information Commissioner at the moment about what constitutes anonymised data. No, don’t run away – this is really important and rather interesting, I promise.

The Youth Justice Board has built a new system, unimaginatively called the YJMIS, to collect what purports to be anonymised statistical data every quarter from each local authority Youth Offending Team in England and Wales. This is data about offences, disposals, personal profile scores and interventions.

Anonymised? Well, it isn’t taking the child’s name or full address. It takes date of birth, ethnicity and the sector postcode – that is, the first half of the postcode plus the first digit of the second half.

Sector postcodes correspond pretty closely to electoral wards, and if you go to the ONS Neighbourhood Statistics site enter your postcode and then click ‘Ward’, you can get information about the area where you live.

Click ‘2001 Census: Census Area Statistics’ and then ‘Ethnic Group (UV09)’. If you live in an urban area, the chances are that there are hundreds of people from a variety of ethnic groups. So far, so good. Now try looking at, say, Frome in Somerset, or Tonypandy in South Wales, or Saffron Walden in Essex, or Dymock and Kempley in Gloucestershire – or, indeed, at Hough ward, which contains the Information Commissioner’s office.

Do you see the problem? Sector postcodes + ethnicity data do not provide anonymity for those in BME groups who live outside densely populated and ethnically diverse areas. Add in date of birth as well, and the chances are that you could narrow information down to one or two children.

This is not anonymised data but Youth Offending Teams have, with the blessing of the Information Commissioner, uploaded the first batch without seeking consent or giving anyone an opportunity to object on the grounds that they could be identified from the data. The local authority supplying the data remains the data controller.

Does this matter? Well, yes. On principle alone, it’s discrimination. Why should certain groups of people enjoy less protection than others? If you look at the YJMIS FAQs, they say that

“information to be shared is for the stated purposes of the prevention or detection of crime. Therefore, only organisations with this intent will be authorised.”

That means every local authority in the country + the police, and presumably any voluntary sector organisation or researcher who can demonstrate that they need access to YJMIS.

Given that the YJB has just had its second burglary in 18 months and, on the last occasion, server discs were stolen, access may not even be restricted to those who are appropriately ‘authorised’.

Novel uses for DNA

The UK Border Agency has just announced a new initiative – you may have seen a bit about it in the Observer this week.

It’s called the ‘Human Provenance pilot project’ and the ‘stakeholder letter’ sent out a couple of weeks ago by UKBA explains:

Human Provenance testing analyses the isotope configuration as stored in a person’s body. All samples will be provided voluntarily. The analysis itself involves the testing of hair and nail samples to allow us to be able to match results using internationally recognised isotope comparison methods to help identify a person’s true country of origin. We will also be testing mitochondrial and Y chromosome DNA, which are collected by use of a mouth swab and matching results using similar comparative methods. These samples will not provide specific information about a person’s identity but simply an indication of their possible nationality allowing other investigations to be made.

See this statement from the British Society for Human Genetics if you want to know why the use of DNA to determine ethnic origin is a seriously daft idea.

UKBA’s letter continues:

…The pilot will also address the issue of children being brought to ASU as part of an asylum seeking family when they are in fact unrelated.

Oh, terrific. Quite apart from the sheer inhumanity of revealing possible family secrets to an already traumatised child and risking family meltdown, the whole idea gives off a whiff of the project’s designers having led blissfully sheltered lives. There are any number of reasons, beyond the obvious, why children may not be related to their fathers – or even to their ‘families’. Rape isn’t exactly unknown in war-zones and women may be too ashamed or frightened to reveal it. Children get informally adopted into other families when their parents are killed, or their family of origin scattered in conflict zones. Cultural definitions of ‘family’ can vary – consider polygamy for example – and actually, most of us have uncles and aunts with whom we share no DNA at all.

The idea that the project is ‘voluntary’ is simply laughable. Someone who is dispossessed and scared isn’t exactly in a strong position to assert preferences. As for the word ‘pilot’, I think it translates as: let’s use a few asylum-seekers as crash-test dummies for some dodgy science.

Still, I’m wondering about this mitochondrial DNA idea. Maybe mine would reveal that my roots are somewhere in the Seychelles and I could agree to be repatriated?

Not-so-safeguarding

I didn’t realise how long the latest blog-pause has been until I noticed a thread on No2id very politely inquiring after ARCH’s health. Yep, it’s been a bit manic again, but I hope to post a bit over the next few days to give everyone an idea of the things that have come between ARCH and its blog.

You’d have to have been in a coma or out of the country to miss all the recent headlines about the Independent Safeguarding Authority, and the danger of letting un-vetted adults anywhere near children. It’s certainly changed the way I look at things. For example, I nipped into our local Costcutter the other morning and found the owner chatting happily with a little girl – nobody else was in the shop. I returned home, only to see the milkman at the door of our neighbours across the road. Their 14yo daughter had answered and was talking to him. Yikes! her parents were both out at work! Hmm, maybe everyone should be vetted. Oh, hang on… then we’re back at square one again.

In today’s Observer, Catherine Bennett points out how reluctant Parmjit Dhanda (the minister responsible for the Safeguarding Vulnerable Groups Act, which brought the ISA to birth) was to let anyone slip through the net:

as Parmjit Dhanda made clear, the more vetting the merrier. Whatever its lamentable vaguenesses about scope, definitions, enforcement and so forth, no one would ever fault his bill for inclusiveness.

Funnily enough, we would. When this grisly Act was still an embryonic Bill, we tried to get an amendment to make the provision of mobile location tracking services a regulated activity. You can see the full story here.

Doesn’t it seem faintly ridiculous that someone driving a mini-bus containing the school football team needs to be vetted, while the person who knows exactly where your child (or, at least, your child’s mobile) is at any given moment doesn’t even need a CRB check?