Fears over the security of data held by government in a single resident record have been raised in Tynwald.

Daphne Caine (Garff) listed some of her own experiences of data breaches during a debate on the principles to be applied to a system to design a smart service framework to enable the creation of the ’single identifying record for an individual across different government systems’.

Members voted unanimously in favour of the principles and the proposed system to implement it, but not before assurances were sought.

’This year I have personally experienced several incidences of human error leading to concerning, albeit minor, data breaches,’ Mrs Caine said, adding 69% of respondents to a consultation did not trust the government to secure safely the information it held.

’Despite all the technology, we still rely on human efficiency,’ she added.

’Only last month a constituent told me they had failed to secure a check-up appointment following eye surgery.

’Regular check-ups are required every two to three months, but no appointment has been made for 12 months. When they complained, they were told, "It’s a result of digitisation. We’ve lost your entire records."’

Mrs Caine said, even though the information would not be held on a single database, it still presented a target for hackers and sought assurance from Policy and Reform Minister Chris Thomas.

’The plan now is that there will not be a big, scary, central database of information but it does not matter if all the information is in one place or kept in separate places linked via some kind of central register or key,’ she added. ’In both cases it presents a hacking target.’

Juan Watterson (Rushen), tabled an amendment requiring an outline of the envisaged savings and a timetable of their realisation.

Mr Watterson said that the government had not specified how savings would be made.

He added: ’This should be bread-and-butter to government. If you are going to provide a business case, it should identify the savings as well as the costs.’

The amendment was voted down 18-4 in the House of Keys. Although Legislative Council members supported it 5-2, it failed, due to the division between the branches.

There was unanimous support to accept the report outlining the principles to set up the system for a single resident record across government departments.

Policy and Reform Minister Chris Thomas, who has previously promised a ’robust’ system, told members: ’I recognise the potential for harm resulting from the misuse of data.

’This framework would help to protect people’s privacy, comply with data protection legislation, current and future, whilst providing a mechanism to join government systems and enable a "tell us once" approach to contacting government services.’

But it would be ’policy and law’, rather than technology, that would dictate the agenda for its use.

’The proposed approach uses technology to understand the relationship between an individual and their various records in government back office systems, without storing data centrally or providing officers with the ability to see any information that they would not be able to see during their usual line of work.

’It is possible to do this without linking the identity directly to other systems in government.’

Chris Robertshaw (Douglas East), a long-time advocate of the single resident record in some form, praised the progress made.

impressed

’What they have done, I think, frankly is quite remarkable,’ he said. ’I am genuinely impressed.

’I think the work they have done is exemplary, and I do not want to be too strong in my wording, but actually world-beating in some regard.’

In written answer to questions tabled earlier, Mr Thomas said there had been no instances of action being taken against civil servants for data breaches in the past five years, although there had been four ’decision notices’ issued relating to breaches.