How one woman found out about the intimate information held about her *
By Claudia Joseph
Big Brother knows all about my bunion op - and the fish pie I ate after it: How one woman found out about the intimate information held about her
It was a perfectly ordinary summer’s day. On July 29 last year, Angela Lay, a performance management officer at Maldon Council in Essex, got up early and drove the two-and- a-half miles from her home in Heybridge Basin to go shopping in Maldon.
She left Tesco at 6.03am, having spent £126.80 on food and earned 60 points on her reward card, returned home and unloaded the silver Renault Megane diesel car she had bought four years earlier.
She then caught the train from Witham to London, paying £23 for her ticket from London Eastern. By 12.04pm she was in Covent Garden, where she withdrew £30 from HSBC, money from the widow’s pension paid that day into her bank account.
Afterwards she went shopping, spending £73.95 at H&M in Regent Street and £48.60 at Hamleys.
Using her Orange mobile phone, Angela texted her 18-year-old daughter Kathryn, who was on holiday in France, at 3.15pm.
She also texted her son Thomas, 16, but he did not reply because he was too busy texting his friends on his BlackBerry. After trying again, she gave up and headed to Tottenham Court Road.
Angela popped into Boots, buying two bottles of Evian water for £1.60, a £1.25 packet of Maltesers and a pair of sunglasses for £27 for her holiday in Turkey nine days later.
She got a second pair free on a special offer. She used her Mastercard to pay the bill and qualified for two points on the loyalty card she had held for ten years.
She left the store at 7.03pm and walked across the road to the Dominion Theatre, where she watched the Queen musical We Will Rock You, having bought the tickets for £111.50 on her credit card. After the show, she headed home to Essex.
This extraordinarily detailed account of a single day in Angela’s life was pieced together by The Mail on Sunday from information stored in a bewildering mosaic of computer databases, both state and commercially run.
We obtained the information quite legally – by asking Angela to send written requests under the Data Protection Act to get hold of copies of the information held on her.
The data included her holiday details, a bunion operation she underwent in 2009 and even the fish pie, broccoli and bread-and-butter pudding she ate afterwards.
But alarmingly, there are no real controls on who holds this information or who can access it.
Only last month, the Information Commissioner, Christopher Graham, revealed in his annual report that he had received 603 complaints about the unauthorised release of sensitive information, but that the true scale of privacy and data breaches could be much higher because private-sector firms were not obliged to report them.
What’s not in doubt is that the range of information held on databases is vast: the location of your mobile phone, the movement of your car, telephone calls, emails, internet use, purchases, bank and savings accounts, travel details, health appointments, criminal records, innocent involvement in police inquiries and a host of other personal details.
Added together, they can be used to piece together almost every detail of every British citizen’s life. Indeed, they are so pervasive that the Office for National Statistics is considering plundering them to replace the National Census.
Worryingly, a report commissioned by the Information Commissioner last year warned that Britain was already a surveillance state.
The most frightening aspect is the range of people who can legitimately access this information – even before it is quite legally sold or traded.
Or, worse, stolen. Under the Regulation Of Investigatory Powers Act 2000, the police, HM Revenue & Customs, UK Border Agency, Security Services and other Government agencies can access any of these databases – public or private – without a warrant.
As can the police forces and examining magistrates of 32 European countries – without reference to any UK court.
As Guy Herbert, general secretary of the campaigning group NO2ID, said: ‘We are beginning to live in an age of computerised mass surveillance.
It is a dangerous fashion in government to try to manage the population by collecting and sharing information about citizens. Information about you is power over you. The Stasi of East Germany could not have dreamed of having such resources.’
It’s ironic that although a wide range of groups and people can look at our files, as individual citizens it can prove incredibly difficult to discover what they know about us – even though we have a legal right to check.
Under Section 7 of the 1998 Data Protection Act, every Briton is entitled to make a Subject Access Request to public bodies to find out what information is held on them.
But in reality, the process is extremely problematic, time-consuming and costly. To carry out this investigation, we have spent £380.90 to date and Angela has written a further £90 of cheques, which have still not been cashed.
Angela and I spent months trying to find out the correct departments to apply for the information.
Some public bodies such as the Criminal Records Bureau and the police have official forms to fill in – but even then many letters were returned to us as they were wrongly addressed.
In total, we sent out 31 letters on October 15 last year to hospitals, health authorities, councils, Government departments and police authorities, enclosing cheques and proof of identity. Nine months later, some of them have still not replied.
Even her GP’s surgery has not given her copies of her records, despite Angela being willing to pay for them. They suggested she pop into the surgery but when she did, there was nobody available to show them to her.
This is particularly worrying as the NHS is currently compiling a controversial database of patients’ medical files.
Although it is expected to make it easier for doctors and nurses to treat patients, recent security breaches in the NHS and revelations that as many as 140,000 non-medical staff will be able to view the records have raised fears about possible breaches of patients’ human rights.
In June, civil liberties campaigners and MPs expressed concern about the latest database to be launched – the National Police Database, which is being loaded with the records of six million innocent people, as well as nine million criminals and suspects.
One of these innocents is Angela’s daughter Kathryn, whose late father Robert was an Essex police officer.
She was caught up in an incident on a school bus at the age of 14. Though she was released without charge, police retained a picture of her and her DNA.
Her details have probably been passed to eCAF – the electronic Common Assessment Framework which assesses children’s welfare needs, and ONSET, a Home Office system that predicts whether youngsters will go on to become criminals.
‘It is incredible to find out how much information is being held about me and my family,’ said Angela. ‘I don’t like the fact that they have Kathryn’s DNA when she has not been convicted of a crime.’
It is now two years since a report commissioned by the Joseph Rowntree Reform Trust suggested that a quarter of all Government databases were illegal and should be scrapped as they waste billions of pounds and breach human rights.
Some of these databases have now been axed or redesigned. Last summer, Contact Point, designed to collate the details of 11 million children at a cost of £235 million, was ditched.
And earlier this year Home Secretary Theresa May got rid of the National Identity Register, dreamt up by one of her predecessors, David Blunkett, seven years ago. But others, such as the National Police Database and the controversial NHS patient database, Spine, are still causing concern.
However, there is another, even more sinister, reason to be alarmed. Under the last Government, there were plans to link the register of medical records to the Police National Database, which would have made them accessible to police and Security Services.
Equally, there are concerns over the proposed Communications Database. The Interception of Communications Commissioner, Sir Paul Kennedy, said the number of police and council demands for phone and email records had risen by ten per cent, with more than 500,000 requests last year alone.
And finally, it was recently revealed that 904 police officers were disciplined and 243 police officers received criminal convictions between 2007 and 2010 for abusing the Data Protection Act.