back to article Confidential report reveals ContactPoint security fears

An independent study on the previous government's controversial child protection database highlighted significant security and privacy risks. Deloitte found significant shortcomings in the security of the ContactPoint database when it evaluated the system back in 2008. But only a summary of its report was ever published prior …


This topic is closed for new posts.
  1. Ku...

    Unsafe practices should end regardless...

    Consultants were concerned that there was a security risk if PCs which were used to access Contact Point were then dumped or sold on eBay with a portion of the data still on the hard disk...

    Yes, this is why all companies, public authorities and, well, private citizens should ensure proper disposal procedures for thier redundant PC kit.

    We use 7 pass data wipe and drill all disks which won't wipe.

    In any case, councils and other public bodies are required to be bound by WEEE regs to ensure safe recycling of the old kit too.

    If those bodies using CP are following basic, legally mandated process and basic good practice, this is a non-issue.

    If they are not compliant with WEEE and DPA in the first place then this is a bigger issue and should be dealt with - by prosecution if necessary.

  2. Christoph

    What a surprise

    A huge database spread over hundreds of places and many thousands of people was bound to leak badly.

    And in other startling, up-to-date news, Mafeking has been relieved.

  3. Anonymous Coward
    Big Brother

    "52,000 at-risk children would have been shielded"?!?!?

    Wasn't the whole point of ContactPoint supposed to be the protection of children, and yet, according to the article, "52,000 at-risk children would have been shielded"!

    (No, that's not "shielded" BY ContactPoint, but "shielded" to be protected FROM ContactPoint. Seriously, that's what "shielding" is.)


    What's the flipping point of the thing if the children most in need of protection are shielded from ContactPoint itself?

    Talk about a dead giveaway.

    I've said it before, but I'll say it again: shielding is the smoking gun that proves that ContactPoint was never really about protecting children. What, then, is its real purpose? (Someone needs to ask Ed Balls, Labour leadership candidate, that question, and make him squirm.)



    Would Victoria Climbie have been "shielded"? What about Baby Peter? And other high profile cases?

  4. sheila

    Beware of Scots bearing federated databases

    There has been a lot of effort and money put in to promoting the myth that the Scottish system (eCare/ Getting it right for every child and other associated nasties) is less intrusive than the English:

    Sadly it is working.

    ECare set up an expert group on privacy principles (this blogpost reveals quite a lot):

    Almost everyone on this panel (or the law company they work for) has been involved in some capacity with the development of the eCare system or has obvious or not so obvious links to Microsoft. Objective? I think not.

    There it is a real possibility that the eCare/girfec model may be destined for wider roll-out . As one commentator recently put it :

    "It seems that this parallels the Poll tax.

    If something really smells, send it North for a trial. eCare is an EU programme , it appears, being test run on Scotland.

    The Scots rebelled over the Poll Tax, why not eCare? Or don't Scots care about losing all their privacy and freedom?

    Isn't it time for the clans to gather once more, and drive out the invading foreigner, determined to bring Scotland under the heel."

    This also allows the Tories to scrap Contactpoint as promised. How handy!

    Slightly out of date but still sound background here:

    1. John Smith 19 Gold badge


      You'll tak our homes, but no our we'ans details. *

      *Braveheart has a lot to answer for.

  5. Anonymous Coward
    Anonymous Coward

    Am I surprised?

    Quote - "One of the first actions for the department immediately after the election was to start shutting down ContactPoint."

    Interpretation - No more letting paedo's freely download kid's details as NuLiebore intended.

    Quote - "We are currently looking at ways of salvaging investment which went into the system..."

    Interpretation - No, they'll have to use a credit card.

  6. Ku...

    Misunderstaning CP

    Its a central database.

    It is accessible from many places.

    I have no idea what this "shielded" business means because all staff having access to that child have access to the record. So Baby P would have been "shielded" whatever that means but all staff having contact with that child would have access to the record.

    I love the hysteria about these things. One hand you don't want agencies to have the facilities to work together, but on the other hand I assume you don't want the 50+ children a year who are on the at risk register already but who still manage to die at the hands of a family member?

    The reason they wanted all kids on there, regardless of whether they were already working with social services, police, etc. or not is because they don't trust individual agencies to add the at risk children properly. So the police may add a record for Jim Smith, the social services add one for Jimmy Smith, NHS see a battered child called James Smith and nobody links the records...

    Its far more fashionable to call the whole thing a conspiracy when it is in fact simply data sprawl caused by the (admittedly dificult) job of tracking millions of people who are too young to have National Insurance numbers or other unique identifiers.

    You can use this as an arguement for a national identities register, but we've been there already.

    1. Anonymous Coward

      Shielding - tried Google?

      Googling "ContactPoint shielding" (without quotes) brings up plenty of helpful results. For example:

      You say, "I have no idea what this "shielded" business means because all staff having access to that child have access to the record. So Baby P would have been "shielded" whatever that means but all staff having contact with that child would have access to the record." Strange that you don't know what "shielding" is, and yet you then make assertions about it anyway as if you do know what it is.

      And no, you've got it wrong. "Shielding" specifically means that most staff won't have access to most of the details on record.

      You have got it exactly wrong.

      From the link above:-

      "In some extreme circumstances, the contact details of a child can be shielded or partially hidden on ContactPoint, so that only their name, date of birth and unique identifying number will be visible to most ContactPoint users. This would be to prevent the increased risk of significant harm to the child or an adult."

      Why not "shield" all children then? If "shielding" protects children, why only apply it to some?

      "Shielding a child's record means that professionals are not readily able to see who else is working with the child. This may result in work being duplicated or the child or young person not receiving the appropriate support because it is assumed other services are already involved when they are not."

      So, the most vulnerable children, those most in need of protection, will be "shielded" and therefore left at risk of just the kinds of failures as in the Victoria Climbie case - even though that's supposed to be the inspiration for ContactPoint in the first place!

      "Shielding" clearly contradicts the very point of ContactPoint. What does that tell us about ContactPoint?

      Why are you defending it?

    2. Graham Marsden

      Misunderstanding the point

      How many extra Social Workers would that £224 million pounds have paid for along with the £44 million running costs every year?

      *THAT* is what this money should have been spent on and it would have meant that the overworked and underpaid and demoralised people who are trying to do their job with totally inadequate resources and backup might be able to protect the children who so desperately need someone to look after their needs, rather than a Big Brother database which can record in exquisite detail how the system failed them...

  7. TkH11

    @KU... Disposal

    Legally mandated procedures for disposal of kit?

    A) probably would never happen


    B) if such legislation were passed I'm quite sure it wouldn't stop breaches of data by forcing the councils to follow the regulations, local government and most government departments are so fecking useless they'd continue to break the rules, the law (just as they currently do with data protection legislation) and they wouldn't be prosecuted for it.

    Name me one government organisation which has been prosecuted for breaches of the data protection act? And how many serious data breaches have there been in recent years?

    The incumbent government very rarely prosecutes departments/agencies of itself.

    They look after and protect each other and that comes first regardless of what the law says and for whose protection the law was created for (us!) in the first place.,

  8. TkH11


    The idea of 'shielding' data is a recognition that there are serious flaws in the security of the system, that because so many people had access to the database, some data was bound tobe leaked, that officials would conduct searches for details on children which they had no business doing. MPs were worried about their private details, the details of their children could be accessed by any of the 300,000 people (or whatever the correct figure was) with access to the database, and so the concept of shielding was born.

    It's also intended to be used for the records of children whose parents are VIPS, celebrities etc.

    Now, whilst MP's might like to dress it up by claiming there's a requirement for at risk children, children at risk of say one parent in a divorced family from threatening officials, from bribing officials to coerce them to search for details on their children and mother's whereabouts, I think we all know that the idea came to life as a way to give further protection to the details of MPs and their children...because they didn't trust the security of the system themselves!!

    It's a recognition that the security of the system (and i mean here the people,the processes not just the security of the IT system) wasn't good enough.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2020