UK Liberty

Customer Information System

Posted in database state, relates to ordinary people by ukliberty on January 29, 2009

There was an article in yesterday’s Guardian about a little known public sector system called the Customer Information System:

This week’s activation of the ContactPoint children directory has provoked an outcry among opponents of the “database state“. As does almost every announcement about the National Identity Register and NHS National Programme for IT.

However, the database that underpins current plans for transformational government, in which different agencies routinely share data about individuals, has almost no brand recognition outside Whitehall.

Step forward the Customer Information System (CIS), the central repository of basic data on some 80 million individuals, alive and dead. The CIS was conceived in the 1990s as part of an upgrade of mainframe computer systems handling national insurance and social security systems – the “customer” in question generally has no choice in the matter. The exercise involved a massive clean-up of national insurance numbers, by which individuals are indexed in the system. At the time, the main driver was to cut the politically unacceptably high level of benefit fraud.

The CIS initially went live in 2006, at a cost of £88m. It is already used by HMRC, local authorities, the DVLA and the Legal Services Commission (to check entitlement to legal aid). Under the current transformation programme, it is to become the basic population register of the entire public sector, including the Identity and Passport Service. …

(Remember that the original proposal was to have a totally new database.)

ARCHrights spotted this item on a recent Department for Work and Pensions bulletin:

Regrettably checks have identified some LA staff are committing serious security breaches.

To be absolutely clear, and by way of reminder to all LA users accessing CIS, users should not

• access their own records or the records of friends, relatives, partners, or acquaintances
• make enquiries on behalf of colleagues in respect of their friends, relatives, partners, or acquaintances
• share their system, Government Gateway or other identity password with their colleagues
• access CIS for any unauthorised purpose

How lovely that this has to be made “absolutely clear”.


2 Responses

Subscribe to comments with RSS.

  1. Doctor_Wibble said, on January 31, 2009 at 3:31 pm

    I’m at something of a loss as to the password-sharing thing. Nosing through records is always a serious temptation but to then do it because someone asked? This is a long way beyond simple human curiosity.

    It’s good that the CIS is getting a bit more attention – it’s one thing for us to say “we knew about this”, but something else entirely when it is specifically pointed at in this way.
    In my own defence, it’s been on my IPS ‘picturing the setup’ diagram pretty much right from the start though I’m wondering if it might need a separate diagram of its own or at least greater significance. The diagram is somewhat overdue for an update – department name changes and shufflings etc – so this might be a sensible time to make that change.

  2. ukliberty said, on February 2, 2009 at 4:08 pm

    There is, as the ICO put it, a “perennial problem” with employees, in the public and private sectors, looking through private records for their own curiosity.

    As for password sharing, very often its done out of convenience, saving people the bother of logging in and out, or perhaps they believe access to something and can’t wait for proper authorisation (it’s rife in the NHS, apparently).

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: