Sacrificing education to health and safety?

November 24, 2009

We’ve often criticised the ‘Every Child Matters’ agenda on the basis that, as well as being an outrageous intrusion into children’s and families’ privacy, it sets up a dangerous confusion between child protection and more general child welfare concerns.

In today’s Guardian, an interesting comment piece points out the effects of ECM on education:

The French philosopher Montesquieu observed in The Spirit of Laws that education systems seem to transmit a main principle which informs both individual behaviour and a corresponding system of government, a principle for what Foucault would call “the government of self and others”. Education transmits the principles of honour in a monarchy, virtue in a republic and fear in a tyranny. If Every Child Matters is anything to go by, we can say that today’s society is ruled according to the principles of health and safety.

Well worth reading.


DNA issues

November 24, 2009

Some confirmation of something those of us working on DNA issues have long suspected:

Police officers in England and Wales have made arrests just to get people on to the DNA database, a retired police superintendent has claimed. He told the Human Genetics Commission (HGC) this was the “norm”. It wants new guidance for police to regulate when it is appropriate to take a sample of DNA

On the subject of the HGC, they currently have a consultation out on the development of a code of practice for the supply of DIY gene-testing kits. This is a particularly thorny issue where children are concerned: should a parent have the right to consent on a child’s behalf to gene-testing that is purely for ‘recreational’ purposes, rather than because of medical necessity? The HGC suggests:

p12 5.10 With the exception of paternity tests, genetic tests in respect of children when, according to applicable law, that child does not have capacity to consent should normally be deferred until the attainment of such capacity, unless other factors indicate that testing during childhood is clinically indicated. If postponement would be detrimental to the child’s health, or the management of the child’s health may be altered significantly depending on the test result, then testing should be organised by a genetics health professional who has responsibility for ensuring that any medical intervention or screening indicated will be arranged and proper arrangements made for any subsequent care.

To our minds, this doesn’t go nearly far enough. ‘Capacity’ is only one factor in obtaining a child’s consent; in order to be valid, consent must also be informed and voluntary. We will be addressing this in our response to the consultation.

Targets good, privacy bad

November 17, 2009

A couple of years ago, a great deal of fury was expressed at the intrusiveness of Ofsted’s ‘TellUs’ surveys. At the time, we said:

If schools and parents are angry now, we must warn that things can only get worse: LAs are planning to issue their own surveys in order to gather performance-indicator data

You need to go back and look at that post in order to understand what we meant, but, basically, we were warning that children’s services would need to step up their data collection so that they – and Ofsted – can assess whether they are meeting their PSA targets, derived from the ‘five outcomes’, the government’s aims for children:

Being Healthy
Staying Safe
Enjoying and Achieving
Making a Positive Contribution
Achieving Economic Wellbeing

(The latest full list of PSA targets and indicators can be downloaded here.)

Today, the Register gives an example of the way in which the task of PSA target-checking is being tackled:

The government obsession with collecting data has now extended to five-year-olds, as local Community Health Services get ready to arm-twist parents into revealing the most intimate details of their own and their child’s personal, behavioural and eating habits.

The questionnaire – or “School Entry Wellbeing Review” – is a four-page tick-box opus, at present being piloted in Lincolnshire, requiring parents to supply over 100 different data points about their own and their offspring’s health. Previously, parents received a “Health Record” on the birth of a child, which contained around eight questions which needed to be answered when that child started school.

The Review asks parents to indicate whether their child “often lies or cheats”: whether they steal or bully; and how often they eat red meat, takeaway meals or fizzy drinks.

However, the interrogation is not limited to intimate details of a child’s health. Parents responding to the survey are asked to provide details about their health and their partner’s health, whether they or their partner are in paid employment, and even to own up to whether or not their child is upset when they (the parent) returns to a room.

All of those questions link to PSA targets. The child’s foodie and health questions come under ‘being healthy’. The parental health questions are more likely to be about ‘staying safe’ – and also ‘enjoying and achieving’ because the answers may indicate that a child has caring responsibilities. Behaviour questions are almost certainly connected with spotting children of potentially criminal disposition for referral to early intervention projects (the ‘making a positive contribution’ strand, which requires children’s services to reduce the number of entrants into the youth justice system). Family income and housing questions are about ‘achieving economic wellbeing’.

The register article continues:

Completing the review is, according to a spokeswoman for Lincolnshire Community Health Services (CHS) “entirely the choice of the parent”. However, the letter accompanying the review states: “Please complete the enclosed questionnaire …and return it to school in the envelope provided within the next 7 days.”

There is no indication on the letter of a parent’s right to opt out, and parents we have spoken with have expressed fears that failure to fill out this questionnaire might mean their child’s access to health services would be diminished.

That’s disgraceful, but not surprising. As we discovered during the course of the ‘informed consent’ project, attitudes to consent/data protection in some local authorities can be perfunctory to the point of indifference. To give a recent example of what I mean, I bumped into this quote from a practitioner who has just started using Contactpoint and says that it has saved time:

“It’s useful to have all the information on one screen rather than having to ask the parents – they can find it frustrating and question why you want to know,”

In other words, perish the thought that parents should inconvenience practitioners by questioning their right to collect and share data. Who on earth do they think they are?

Lessons still not learned

November 17, 2009

Yet another data loss by a local council:

Personal data on more than 14,000 voters has gone missing from the offices of a council in Hertfordshire. The data was protected by two levels of security, the council said, but admitted there was a “slight risk” it could be accessed.

Well what does that mean? It turns out that ‘two levels’ of security is actually two passwords: One to access the computer, a second to access the software holding the details. When my old laptop turned up its toes last year, the data-retrievers very kindly set up my new one pdq – and simply scavenged the passwords from my old, dead machine. If you want, you can buy the software to do that online for around a tenner.*

So in other words, we’re talking about rather more than a ‘slight risk’. If the laptop has been stolen by someone with no interest in its contents, they probably won’t bother accessing the data. On the other hand, if that ‘someone’ realises that there is potential value in the contents, they probably will. That the data can be accessed is almost certain, the only question is whether the thief will bother to do so.

Once again we get this tedious assertion from the recalcitrant council:

the council takes its responsibility to look after their personal data very seriously

I’m trying not to froth at the mouth, but for heaven’s sake! They patently didn’t take it nearly seriously enough! Why keep trotting out this meaningless nonsense? Unencrypted data should never have been on a laptop in the first place. If a council is taking its responsibility ‘very seriously’, then they should be abiding by the Data Handling Guidelines, which have their first birthday next week. Which bit of the following excerpt is unintelligible?

Wherever possible councils should avoid the use of removable media including laptops, removable discs, CDs, USB memory sticks, PDAs and media card formats. Where it is unavoidable, encryption should be used and the information transferred should be the minimum necessary to achieve the business objective.

Presumably the council is also by now compliant with the Government Code of Connection. Amongst other things, councils should have a default position of not using laptops

Removable media
Removable media should be disabled unless there is a business case for its use.

What is the point in all of the time and public money spent on developing security standards when councils simply carry on downloading sensitive data to unencrypted devices?

*Update: ARCH’s webmaster has just helpfully pointed out that you may not even need a tenner

Compare and contrast

November 16, 2009

From Tony Collins we hear that:

An NHS trust at the forefront of work on the £12.7bn NHS IT scheme has called in police after a breach of smartcard security compromised the confidentiality of hundreds of electronic records.

Meanwhile, on another planet:

Millions of patient records are to go online in London after long delays to an NHS IT upgrade in the city.

…The records, which contain details of patient medications and allergies, will go live on Thursday following pilot studies across England.

It is hoped the system will allow data to be shared more easily.

I’m sure it will. The problem is, with whom?

Another one for the ‘at risk’ list

November 16, 2009

NICE is consulting on sharing information to identify families who live in the kind of homes where children might have an accident

Recommendation 1: identifying and prioritising households at greatest risk

Who is the target population?
Children and young people aged under 15 years at greatest risk of an unintentional injury, their parents and carers.

Who should take action?
Local strategic partnerships (LSPs), children and young people’s strategic partnerships (where they are not part of the LSP), local safeguarding children boards (LSCBs) and children’s trusts.

What action should they take?
• Use local information to identify and prioritise households where children and young people aged under 15 are at greatest risk of unintentional injury. Factors could include overcrowding, a low income and a lack of appropriately installed safety equipment. The data could come from surveys and needs assessments and existing datasets (such as hospital episode statistics). Or data could be gathered as part of routine practice (for example, during home visits by community practitioners).

• Consider establishing or using an existing database to share information on high-risk households with other statutory agencies. For example, social workers, GPs and health visitors could identify overcrowded dwellings and notify others via a database accessible to all statutory organisations.

Yet again, it seems that poverty trumps Article 8.

The consultation closes on December 2nd.