Claims that a quarter of all the public-sector database projects are fundamentally flawed have been met with major industry criticism.
The Database State report by the Joseph Rowntree Reform Trust, claimed that more than half of Whitehall's 46 databases and systems have significant problems with privacy or effectiveness, and could fall foul of a legal challenge.
It pointed to the ID cards register, the national DNA database and the Contactpoint index of all children in England, and claimed that they should be given a ‘red light' and immediately scrapped or redesigned. Only six of the 46 systems, including those for fingerprinting and TV licensing, get a ‘green light' for being effective, proportionate, necessary and established - with a legal basis to guarantee against privacy intrusions.
Meanwhile a further 29 databases earn an ‘amber light' for significant problems including being possibly illegal, and needing to be shrunk or split, or be amended to allow individuals the right to opt out.
This group includes the NHS summary care record, the national childhood obesity database, the national pupil database and the automatic number-plate recognition system.
Phil Bridge, managing director of Kroll Ontrack, claimed that there is a need for the government to ensure compliance is at the forefront of all public sector database projects.
Bridge said: “The public sector's approach to databases is failing to address important compliance considerations at each step of the process. Compliance with human rights and data protection laws must be at the forefront of every IT project from the start. The projects highlighted in the report have received the red light too far into their implementation, wasting billions of pounds of public money.
“Granted, investing more time in the planning stage and regularly cross-checking an implementation strategy with legislation and policy may lengthen the period until completion. However, this investment would ultimately increase the likelihood of a project's successful delivery, the rate of which currently stands at an alarming 30 per cent.”
Chris Mayers, chief security architect at Citrix, said: “Incidents of data loss have become a worryingly regular occurrence. Now, on hearing that many databases that exist are poorly managed, fundamentally flawed and even potentially illegal, the public has every reason to fear for the security of their personal information.”