A quarter of government databases called 'illegal'

A new report has alleged that a quarter of government databases are 'illegal' and goes on to claim that Britain is becoming a "database state".

The report by the Joseph Rowntree Reform Trust questioned the government's moves to hold more information on citizens as part of its Transformational Government programme.

The report's co-author Professor Ross Anderson of Cambridge University said in a statement: "Too often, computerisation has been used as a substitute for public service reform rather than a means of enabling reform. Little thought is given to safety, privacy and value for money."

The report added: "There should never again be a government IT project - merely projects for business change that may be supported by IT. Computer companies must never again drive policy."

After analysing 46 public databases, the report's authors alleged that a quarter were illegal under human rights or data protection laws, and should therefore be scrapped or "substantially redesigned."

Half were found to feature enough flaws that they could be legally challenged, the report added.

Just 15 per cent were found to be "effective, proportionate and necessary, with a proper legal basis for any privacy intrusions." That said, the report added some of those had operational flaws.

The report rated 11 databases as "red", saying they should be scrapped or redesigned, including the National DNA Database, which holds profiles on four million Britons, as well as the controversial National Identity Register, which holds the data for the identity card scheme.

It also slammed the NHS Detailed Care Record, the communications database of email and phone calls, in addition to ContactPoint, which holds data on all children in the UK. See below for the full list.

Another 29 databases were rated "amber", which led the report to suggest they should be split up, reduced in size, or feature opt-out clauses. These include the NHS Summary Care Record, which makes up a key part of the health service's National Programme for IT, the CCTV network and the Automatic Number Plate Recognition systems.

It also includes a national Childhood Obesity Database, storing the weight of young children, which the report called "simply unnecessary".

Just six databases were given the "green" light, including the National Fingerprint database, the TV Licensing database and the council tax system.

Despite the HMRC breach and the flood of reports which followed, the government is continuing to head toward a database state, the report said. "Yet ministers remain intent on building increasingly intrusive personalised services around more large centralised databases with a strong element of data sharing. This supertanker will not be turned quickly," it warned.

The views were backed by anti-ID card lobby group NO2ID. Phil Booth, national coordinator, said: "This survey shows just how vast the database state has grown while your back was turned. It threatens the privacy, personal security and freedom of everyone in the UK."

He added: "Government now sees collecting and collating information about the people as a primary function: snooping is the first resort. To stop the database state, the surveillance reflex must be changed."

Red light databases:

- The National DNA Database

- The National Identity Register

- ContactPoint (child services)

- NHS Detailed Care Record and the Secondary Uses Service

- Common Assessment Framework (child welfare system)

- ONSET (Home Office system for predicting which children will commit crimes when they grow up)

- Department of Work and Pension data sharing programme

- Audit Commission's National Fraud Initiative

- Communications database/Interception Modernisation Programme

- Prum Framework (shares policing data with EU states)

Green light databases:

- National Fingerprint Database

- TV Licensing

- Vehicle and Operator Services Agency

- Driving Standards Agency

- Land and Property Gazetteers

- Council Tax

Click here to read the lessons we all should have learned from a year of data breaches.