Committee (3rd Day) (Continued)
20:37
Amendment 86
Moved by
86: Clause 33, page 32, line 31, leave out from “behaviour”” to end of line 33 and insert “means conduct that—
(a) is likely to cause harassment, alarm or distress to any person, or(b) is capable of causing nuisance or annoyance to a person in relation to that person’s occupation of residential premises.”
Baroness Buscombe Portrait Baroness Buscombe (Con)
- Hansard - - - Excerpts

My Lords, this group consists of mainly technical amendments to make sure the Bill works in the way it is meant to. Although they are technical, they are important. They fall into four broad subject areas: whistleblowing and journalistic freedoms; the meaning of “anti-social behaviour”; references to the Investigatory Powers Act; and the description and powers of devolved authorities.

In relation to whistleblowing and journalistic freedom, the first series of amendments relates to the new criminal sanctions for unlawful disclosure of personal information disclosed under the powers. Concerns were raised that the clauses as drafted could criminalise disclosures made by whistleblowers and journalists making disclosures in the public interest. This was never the Government’s intention. These amendments make sure that disclosures made by whistleblowers and journalists will not be subject to criminal sanctions.

There is a distinction here in terms of how the amendments address HMRC information and non-HMRC information. In respect of non-HMRC information, the amendments introduce additional exemptions to the general prohibition on further disclosure to cover “protected disclosures” under the Employment Rights Act 1996, which will protect whistleblowers pursuing the proper channels for disclosure. Disclosures made for the purposes of journalism are also removed from the criminal sanctions, provided that the disclosure is in the public interest.

There are already separate provisions in each of these chapters for personal information disclosed by HMRC. These amendments make clear that the criminal sanction for unlawful disclosure applies only to an official who wrongfully discloses HMRC information outside the permitted scope of the information gateways in Part 5 of the Bill at Chapters 1, 3, 4 and 5. This brings the provision into line with HMRC’s statutory regime in the Commissioners for Revenue and Customs Act 2005 and its other statutory information gateways.

I am conscious that the noble Lords, Lord Stevenson of Balmacara and Lord Collins of Highbury, have two amendments that relate to this section, Amendments 138A and 146A. I suggest that I reply to those amendments separately after hearing from noble Lords.

The second series of amendments concerns the definition of anti-social behaviour. Chapters 1, 3, 4 and 5 of Part 5 all contain a general rule restricting the use of information disclosed under these powers to the particular purpose for which it was shared and a general prohibition on further disclosure. There are a number of exceptions to these rules. A previous amendment added an exception enabling disclosures made for the prevention of anti-social behaviour. The definition as currently drafted needs to be adjusted to work in Scotland and Northern Ireland. These amendments provide a revised definition that works across the UK.

In relation to reflecting the enactment of the Regulation of Investigatory Powers Act, the third series of amendments is also minor and technical in nature. The public service delivery, debt, fraud, research and statistics clauses provide that information cannot be disclosed under these powers if that would contravene the Data Protection Act 1998 or if it is prohibited by Part 1 of the Regulation of Investigatory Powers Act 2000—commonly known in your Lordships’ House as RIPA. The Investigatory Powers Act 2016 received Royal Assent last December and will replace RIPA. These amendments replace the references to RIPA with references to the equivalent provisions in the IPA, with a provision for RIPA until that Act is fully in force.

Regarding devolved public authorities, the final series of amendments facilitates information sharing across the United Kingdom, including by and with public authorities in devolved Administrations. The amendments broadly fall into two categories, which I will take in turn. The first category provides personal information disclosed by Revenue Scotland and the Welsh Revenue Authority with equivalent protection to that given by Clause 60 to personal information disclosed by HMRC. In order to protect information relating to taxpayers, these two new clauses provide, as is the case for personal information disclosed by HMRC, that persons who are processing Revenue Scotland or Welsh Revenue Authority information cannot further disclose that information without the consent of Revenue Scotland or the Welsh Revenue Authority, as applicable. Secondly, reflecting the Government’s amendments to Clause 60, the amendments provide that persons who receive Revenue Scotland or Welsh Revenue Authority information under Clause 57(1) also cannot further disclose that information with the consent of Revenue Scotland or the Welsh Revenue Authority, as applicable.

Amendments 171 and 172 are consequential amendments to those tabled separately in respect of preventing unlawful disclosures under the research power. The first of these amendments is necessary to ensure that the separate safeguards regime for HMRC that has been maintained throughout Part 5 also applies to the criminal offence as amended. The second ensures that the separate arrangements for HMRC will be mirrored in respect of Revenue Scotland and the Welsh Revenue Authority.

The second category ensures that the definition of “Welsh body” in Part 5 is consistent with the definition of “devolved Welsh authority”, as will be enacted by the Wales Bill. The amendments will ensure that no devolved Welsh authority will be inadvertently excluded from the relevant Part 5 powers. The amendments also provide for Welsh Ministers to commence the provisions which relate to the disclosure of information by the Welsh Revenue Authority. This reflects the fact that the Welsh Revenue Authority is not yet operational. I beg to move.

20:45
Lord Stevenson of Balmacara Portrait Lord Stevenson of Balmacara (Lab)
- Hansard - - - Excerpts

My Lords, I thank the Minister for a very well-read response to the questions we all had about these technical amendments, although some of them were not quite technical of course. In terms of the four categories, I listened to three very carefully, and I will read what she said in Hansard, but we have no further comments to make on them at this stage.

She touched on the issue in relation to which we have two amendments down. I am grateful to the Government for responding so quickly to the discussion in another place on this issue, because as originally drafted, the Bill would have criminalised disclosures by whistleblowers and investigative journalists revealing matters of legitimate public interest. The point was picked up and discussed at some length, and had attracted interest from a wide range of people such as Sir Peter Bottomley and Helen Goodman, who raised it. The Minister in another place undertook to take it back, and we have now had the amendments put forward.

Those of your Lordships who have bothered to read the amendments in Clauses 50 and 51 will recognise that the wording is very similar in both cases. The difference, narrowly put, is that the amendment that we were advised would take the trick in this area included not just print journalism but also broadcast journalism. I am not certain whether that is necessary or not, but the Government have come forward with a slightly narrower point of view. I think we agree the aim, and it may just be a question of the correct wording, so unless there is any particular issue, we can do this either by correspondence or perhaps in a quick meeting, and I do not think there is anything on this point that need detain the Committee further. We are agreed and are delighted that the Government are making the move. It is just a question of trying to use what time we have to make sure that we have absolutely nailed it down completely.

Having said that, what has proved difficult in other pieces of legislation is how one defines whistleblowers. There is no attempt to do that here; the test is simply whether or not what has been disclosed was in the public interest. Again, there might just be something around that where we might look at other discussions and come back on it. But for the moment, I will leave it.

Baroness Buscombe Portrait Baroness Buscombe
- Hansard - - - Excerpts

I thank the noble Lord for that. The opposition amendment makes specific reference to broadcast transmission when the government amendment on this topic does not. However, the word “publication” in our view can be construed sufficiently broadly to cover broadcast media. Section 32(6) of the Data Protection Act 1998 provides that:

“For the purposes of this Act ‘publish’, in relation to journalistic … material, means make available to the public or any section of the public”.


The ICO guidance on this indicates that publication for these purposes would therefore cover broadcast. As a result these additional changes are not necessary.

Lord Stevenson of Balmacara Portrait Lord Stevenson of Balmacara
- Hansard - - - Excerpts

It is quite an interesting point. The world has moved on since those original drafts, and we have to think a bit more carefully about what happens on YouTube and whether disclosure on social media will be covered by this. I do not dissent from what is being said but would just like to be certain that we have used this opportunity, which may not come again, to make sure we have this nailed.

Baroness Buscombe Portrait Baroness Buscombe
- Hansard - - - Excerpts

I thank the noble Lord for what he has said and absolutely understand where he is coming from.

Amendment 86 agreed.
Amendment 86A
Moved by
86A: Clause 33, page 32, line 35, leave out “or 31” and insert “, 31 or (Disclosure of information to water and sewerage undertakers)”
Amendment 86A agreed.
Amendment 87 not moved.
Amendment 88 had been withdrawn from the Marshalled List.
Amendment 88A
Moved by
88A: Clause 33, page 32, line 44, at end insert “or (Disclosure of information to water and sewerage undertakers)”
Amendment 88A agreed.
Amendment 89 not moved.
Amendments 89A to 91B
Moved by
89A: Clause 33, page 33, line 7, leave out “section 30, 31 or 32” and insert “any of sections 30 to (Disclosure of information by water and sewerage undertakers)”
89B: Clause 33, page 33, line 12, leave out “section 30, 31 or 32” and insert “sections 30 to (Disclosure of information by water and sewerage undertakers)”
90: Clause 33, page 33, line 15, leave out from “by” to end of line 16 and insert “any of Parts 1 to 7 or Chapter 1 of Part 9 of the Investigatory Powers Act 2016.”
91: Clause 33, page 33, line 16, at end insert—
“( ) Until the repeal of Part 1 of the Regulation of Investigatory Powers Act 2000 by paragraphs 45 and 54 of Schedule 10 to the Investigatory Powers Act 2016 is fully in force, subsection (8)(b) has effect as if it included a reference to that Part.”
91A: Clause 33, page 33, line 17, leave out “Section 30, 31 or 32 does” and insert “Sections 30 to (Disclosure of information by water and sewerage undertakers) do”
91B: Clause 33, page 33, line 18, leave out “that section” and insert “those sections”
Amendments 89A to 91B agreed.
Amendments 92 and 93 not moved.
Clause 33, as amended, agreed.
Clause 34: Confidentiality of personal information
Amendment 93A
Moved by
93A: Clause 34, page 33, line 20, leave out “section 30, 31 or 32” and insert “any of sections 30 to (Disclosure of information by water and sewerage undertakers)”
Amendment 93A agreed.
Amendment 94 not moved.
Amendment 94A
Moved by
94A: Clause 34, page 33, line 25, leave out “section 30, 31 or 32” and insert “any of sections 30 to (Disclosure of information by water and sewerage undertakers)”
Amendment 94A agreed.
Amendment 95 and 96 not moved.
Amendment 97
Moved by
97: Clause 34, page 33, line 35, at end insert—
“( ) which is a protected disclosure for any of the purposes of the Employment Rights Act 1996 or the Employment Rights (Northern Ireland) Order 1996 (SI 1996/1919 (NI 16)),( ) consisting of the publication of information for the purposes of journalism, where the publication of the information is in the public interest,”
Amendment 97 agreed.
Amendment 98 not moved.
Amendment 99
Moved by
99: Clause 34, page 33, line 43, leave out from “behaviour”” to end of line 45 and insert “means conduct that—
(a) is likely to cause harassment, alarm or distress to any person, or(b) is capable of causing nuisance or annoyance to a person in relation to that person’s occupation of residential premises.”
Amendment 99 agreed.
Amendment 100 not moved.
Amendment 100A
Moved by
100A: Clause 34, page 34, line 22, leave out “or 31” and insert “, 31 or (Disclosure of information to water and sewerage undertakers)”
Amendment 100A agreed.
Clause 34, as amended, agreed.
Clause 35: Information disclosed by the Revenue and Customs
Amendments 100B to 102
Moved by
100B: Clause 35, page 34, line 25, leave out “or 31” and insert “, 31 or (Disclosure of information to water and sewerage undertakers)”
101: Clause 35, page 34, line 25, leave out “(“P”)”
102: Clause 35, page 34, leave out lines 26 and 27 and insert “by that person”
Amendments 100B to 102 agreed.
Clause 35, as amended, agreed.
Amendments 103 and 104 not moved.
Amendment 105
Moved by
105: After Clause 35, insert the following new Clause—
“Cyber-security reporting
(1) The Companies Act 2006 is amended as follows.(2) After section 416 insert—“416A Contents of directors’ report: cyber-security(1) The directors of a company must prepare a cyber-security report for each financial year setting out measures the company is taking to address cyber-security risk.(2) This report should include—(a) cyber-security audits undertaken by the company,(b) details of breaches notifiable under the General Data Protection Regulation,(c) measures in place to ensure the confidentiality and integrity of data processing systems, and(d) processes in place to test and evaluate data protection measures and information technology systems.(3) Cyber-security audits must be undertaken by organisations accredited by the Secretary of State.(4) The cyber-security report must be approved by the board of directors and signed on behalf of the board by a director or the secretary of the company.(5) If a report is approved that does not comply with the requirements of this section, the directors commit an offence.(6) A person guilty of an offence under this section is liable on summary conviction to a fine.””
Lord Arbuthnot of Edrom Portrait Lord Arbuthnot of Edrom (Con)
- Hansard - - - Excerpts

My Lords, I draw noble Lords’ attention to my interests in the register, particularly to the fact that I am chairman of the Information Assurance Advisory Council, chair of the advisory board of Thales UK and a member of the advisory board of IRM, among other cyber-interested companies.

This Bill is about the digital economy, but it contains very little mention of security. Yet cybersecurity is essential, both to the proper functioning of the internet, on which we so rely, and to the trust we place in the digital economy. Global research has been done by the Information Systems Audit and Control Association of the United States of America, and I am indebted to it for its help on these amendments. That research has shown that two-thirds of chief executives of major corporations do not have confidence in their workforces to deal with anything beyond the simplest of data breaches. We all know that there has been no shortage of high-profile data breaches on both sides of the Atlantic over the last 12 months. That has damaged the economic performance of companies and their stock price, and has significantly reduced consumer and business confidence.

I congratulate the Government on making real progress in this area. They have introduced Cyber Essentials, which has been helpful in boosting implementation of cyber controls. I suggest, though, that the uptake of Cyber Essentials has been disappointing. It is not always a requirement that companies observe even the relatively low level of assurance that Cyber Essentials suggests. I use the word “suggests” because of course it is not compulsory. Equally, the new cybersecurity strategy has brought £1.9 billion into developing a capability across the whole of society to address everything from the biggest companies to individual citizens. The Minister of State for Digital and Culture recently indicated in another place that the Government intend to implement the General Data Protection Regulation in full. That is a good thing, but I very much doubt that businesses—and probably even government departments—are anywhere near ready for the GDPR, nor as far along as they really should be by this stage.

In view of the existential nature of our reliance on cyber nowadays, I therefore suggest that we need to go further. Consumers, investors, executives and government alike all need confidence that businesses are taking appropriate steps to safeguard their data and their IT systems—and those of their supply chains as well—from malicious activity. So, I have decided to be helpful. I propose these amendments, which introduce the notion of a cyber audit. They are probing amendments: their wording creates obligations that are perhaps more imperative than I would like to see, because I believe we should start with encouragement rather than requirement.

Everyone is now accepting of, and accustomed to, the notion of external independent financial audits, which have become the norm throughout the world. I believe that a similar approach now needs to be followed in relation to cybersecurity. My suggestion is that we should undertake cyber audits—perhaps as part of financial audits, or perhaps separately; it does not really matter. Those audits could be based on standards that could be evolved by industry, rather than by government, because government legislation never manages to keep up with the astonishing pace of technological change. These cyber audits should include external stress tests of a company’s cybersecurity in areas such as email, and possibly even in relation to a company’s products.

I think the entire House knows that, in 2013, the Target chain of 1,800 stores in the United States of America was hacked by people who broke into its air conditioning system, which was supplied by a third party. Everybody knows about last autumn’s botnet attack by rogue webcams. So if we did this and went for cyber audits, we could gradually begin to address the issue of cybersecurity, so that over time no longer would it create quite the existential threat that it does now. It would need to start on a voluntary basis and be driven by business, not by government, but, in time, I believe it would spread internationally, so that the United Kingdom would not be disadvantaged in competitive terms. It would also ensure that the United Kingdom was in the vanguard of global best practice. I beg to move.

21:00
Baroness Jones of Whitchurch Portrait Baroness Jones of Whitchurch (Lab)
- Hansard - - - Excerpts

I expected more people to be inspired by the contribution of the noble Lord, Lord Arbuthnot, and to join in the debate. I am rising to give my support to Amendments 105 and 106 and to thank the noble Lords, Lord Arbuthnot and Lord Carlile, for highlighting this simple failure in company policy, which can lead to much bigger dangers and threats. As the noble Lord said, it can have commercial implications, personal privacy implications and, ultimately, national security implications. While we all have a part to play setting the highest standards of data protection, it is true that all too often we put the focus on national Governments without recognising the equal responsibilities of the private sector and private companies to play their part. This is particularly vital, given the number of private sector organisations which access data for government contract work. However, it also extends into other realms of commercial activity, such as commercial personal profiling, in which companies build vast data banks of our shopping habits, our friends, our movements—literally, where we are moving around in cities and towns—and our vulnerabilities, all of which have huge value both in their own hands and in the hands of cyber-thieves. These are issues which we have also flagged up in other amendments tabled today, and we have tried to build in more safeguards. My noble friend Lord Collins has said that we believe that individuals should have the right to know what information is being held about them, for example. They should have the right to be able to withdraw permission for the data to be held, and they should have the right to know immediately if a data breach has taken place.

We welcome the amendments, which would begin to address some of our concerns, by putting a straightforward obligation on companies to prepare a cybersecurity report each year, detailing the measures being taken to ensure that data are being kept safely. It is a simple ask, and it should not really be necessary, but the all too frequent security breaches taking place underline why a legal requirement has to be imposed. An Institute of Directors report last year showed that companies tend to keep quiet when there has been a security breach. As a result, there are no accurate figures on the extent of this crime, or the extent to which companies are being held to ransom. A survey of business leaders found that only half had a formal strategy in place to protect themselves and just 20% held insurance against an attack. Yet we also know that companies are also losing confidence in their encryption systems, their staff capabilities and awareness and the ability of their software to withstand a deliberate assault.

This is a huge issue. Of course, we have a vested interest in sorting this out, as often it is our personal data which are being stolen. But on a wider sphere it impacts on everything from company finances to sensitive market data and research and development. So we very much welcome the initiative set out in these amendments, and agree with the noble Lord, Lord Arbuthnot, that they are helpful. In itself, they will not completely solve the problem, but they represent another small step in getting companies to act responsibly in managing the data that they hold.

Lord Keen of Elie Portrait The Advocate-General for Scotland (Lord Keen of Elie) (Con)
- Hansard - - - Excerpts

My Lords, Part 5 of the Bill requires public authorities and specified persons to specify and meet specific legislative conditions and controls on the handling of personal information. As I have said on a number of occasions this evening, these provisions will be underpinned by codes of practice setting out data security requirements, including cybersecurity. A body that fails to meet these could be prevented from using the data-sharing powers. That is the context in which I turn to Amendments 105 and 106.

Amendment 105 would require all but the smallest of companies to conduct audits on their cybersecurity and to report annually on it and their data protection measures. Clearly, the Government recognise that effective cybersecurity risk management is important to the success of the economy and, indeed, to ensuring the safety and integrity of private citizens’ data. The Government conducted the Cyber Security Regulation and Incentives Review in 2016 to consider whether we need additional regulation or incentives to boost cyber risk management in the wider economy and it showed strong justification for regulation to secure personal data.

The Government will seek to improve cyber risk management through our implementation of the EU general data protection regulation in May 2018. Its requirement to report breaches to the Information Commissioner and individuals affected, and the fines that can be issued under it, will represent a significant improvement. These will be supplemented by a number of measures to more clearly link data protection with cybersecurity, including through closer working of the Information Commissioner and the National Cyber Security Centre. However, we will not seek to pursue further general cybersecurity legislation for the wider economy as would be required by Amendment 105.

We believe that mandating the inclusion of cyber risk information in annual reports, or the introduction of legal provisions for cyber audit, is unlikely to be an effective way of encouraging large-scale change in cyber risk management. Instead, the National Cyber Security Centre plans to work with stakeholders to develop guidance for investors. The long-term aim of the organisation is to include cybersecurity in the guidance it provides to businesses on the kind of information it wants to see in an annual report, and in the reports it provides to investors each year on every listed company.

Amendment 106 is very broad in its aims and, as such, could have unintended consequences for the diverse range of grants that the Government fund each year. The supporting audit and insurance regime would be costly and challenging to enforce given the diversity of grant recipients, including those from voluntary and research communities. Furthermore, this amendment is unnecessary as many of these checks are in place as a matter of routine. The level of cybersecurity risk in grants will continue to be monitored and consideration given to how recently launched grant standards could be used to strengthen guidance in this area. This provides a far more flexible and proportionate solution than legislation.

With respect to subsection (2) of the proposed new clause in Amendment 106, the Government are already taking tangible steps to reduce the level of cybersecurity risk in their supply chain. As of October 2014, suppliers of central government contracts that involve the handling of personal data or the supply of IT products and services must demonstrate they have met the technical requirements set out as part of either the government-owned Cyber Essentials scheme or a suitable equivalent. The scheme was developed jointly with GCHQ and industry to support organisations of all sizes and across all sectors in getting a good, basic level of online security in place. In response to my noble friend Lord Arbuthnot I would observe that, as of the end of December 2016, nearly 5,500 certificates had been issued under the scheme, and we have a strategy in place to significantly increase the adoption of the scheme over the coming year. With that explanation, I hope my noble friend will withdraw his amendment.

Lord Arbuthnot of Edrom Portrait Lord Arbuthnot of Edrom
- Hansard - - - Excerpts

My Lords, I am grateful to my noble and learned friend for his comments. From what he says I suspect that the Government are not quite there yet. However, I hope that my amendments will help to encourage them along a path of some form of regulation in this area. I suspect that the arguments my noble and learned friend used were similar to those that were first used when financial audit was suggested. However, I am grateful for what he has said. I am also particularly grateful to the noble Baroness, Lady Jones, for what she said and for the gracious way in which she said it. However, my amendments were aimed not so much at government as at business. I suspect that this will be part of a long-term campaign, so, with those words, I beg leave to withdraw the amendment.

Amendment 105 withdrawn.
Amendment 106 not moved.
Clause 36: Code of practice
Amendment 106A
Moved by
106A: Clause 36, page 34, line 42, leave out “section 30, 31 or 32” and insert “any of sections 30 to (Disclosure of information by water and sewerage undertakers)”
Amendment 106A agreed.
Amendment 107 not moved.
Amendment 107A
Moved by
107A: Clause 36, page 35, line 5, leave out “section 30, 31 or 32” and insert “any of sections 30 to (Disclosure of information by water and sewerage undertakers)”
Amendment 107A agreed.
Amendments 107B to 110 not moved.
Clause 36, as amended, agreed.
Amendment 111 not moved.
Clause 37 agreed.
Clause 38: Interpretation of this Chapter
Amendments 112 and 112A
Moved by
112: Clause 38, page 37, line 36, leave out paragraphs (a) and (b) and insert—
“( ) a devolved Welsh authority as defined by section 157A of the Government of Wales Act 2006, or( ) a person providing services to a devolved Welsh authority as defined by that section.”
112A: Clause 38, page 38, line 11, at end insert—
“( ) References in this Chapter to people living in water poverty are to be construed in accordance with section (Disclosure of information to water and sewerage undertakers) (5).”
Amendments 112 and 112A agreed.
Clause 38, as amended, agreed.
Clause 39: Disclosure of information by civil registration officials
Amendment 113
Moved by
113: Clause 39, page 38, line 23, leave out from “that” to end of line 26 and insert—
“(a) the authority or civil registration official to whom it is disclosed (the “recipient”) requires the information to enable the recipient to exercise one or more of the recipient’s functions, and(b) the data subjects whose information is being disclosed have given valid consent under data protection legislation.”
Lord Clement-Jones Portrait Lord Clement-Jones (LD)
- Hansard - - - Excerpts

My Lords, I wish to speak also to Amendment 116.

This issue is extremely straightforward. My remarks may anticipate some of the points that the noble Baroness, Lady Byford, will make in due course on the clause stand part question, for which we have considerable sympathy. However, we on these Benches and many others outside the House are deeply concerned that Chapter 2 of Part 5 contains no safeguards against bulk copying of civil registration data. We accept the case for a power to disclose civil registration information where an individual has consented. A citizen should, of course, be able to choose to let the registrar inform other bodies of changes. However, new Section 19AA in Clause 39(2) appears to remove any limit to copying registration data in bulk. As regards the draft civil registration code of practice, there appears to be no explicit limit on that sharing of data in bulk, and certainly no requirement for individual consent. Therefore, the essence of this amendment is quite simply to require that there should be express consent of the data subject.

As regards Amendment 116, approximately 1.3 million births and deaths are registered each year under legislation dating back to 1953, which consolidated provisions going back to the start of civil registration in 1837. In 2009, a system was introduced to allow registrars to register births and deaths electronically but it is the hard copy which this generates which is the legal copy that will be used to issue the certificates. Registrars also have to use the electronic system to submit an electronic copy of each event to the superintendent registrar. Primary legislation is required to make the electronic copy the legal copy and to remove the need for paper altogether, although individuals could still order hard-copy certificates should they so choose.

It has been estimated that such a move would save the local registration service and the Home Office around £2.5 million a year, primarily through removing the routine creation of registers containing loose-leaf, watermarked registration documents. Local authorities currently have to pay to store hard copies of all documents, so the change would reduce future storage costs. Provided that sufficient checks are in place, electronic documents are more secure than paper ones, which is particularly important when loose-leaf documents are being moved.

I hope that I have made the case for this amendment, which is very much supported by many in this field, and I hope that the Minister will look favourably on it. I beg to move.

21:15
Baroness Byford Portrait Baroness Byford (Con)
- Hansard - - - Excerpts

My Lords, my opposition to Clause 39 standing part of the Bill forms part of this group. I have listened carefully to what the noble Lord, Lord Clement-Jones, has just said. I come to this from a slightly different angle but the conversation goes round and round in a circle, and here we are trying to introduce protections again.

I tabled my opposition to the clause for probing reasons. I wonder whether it is possible to have examples of when and why a civil registration authority would disclose information. The definition in new Section 19AA(6)(e), introduced in Clause 39, lists as civil registration officials those local authority classifications which also appear as specified public authorities. Do the disclosure powers mean therefore that a civil registration official in, for example, my home county of Leicestershire may disclose information to other personnel employed within the county council, or do they empower him to disclose information to any or all of the other specified public authorities? From my reading of the subsection, that is not quite clear.

Would the regulations be used to divulge information specific to a person or perhaps a family, or could they ever cover everything registered at a particular time or relating to a particular location? For example, why would the NHS have an interest in receiving such information?

Could this chapter result in a large-scale information exchange between civil registration officials and public authorities using the internet? If so, how will such data be protected both in transit and at the receiving end? Do all public authorities use the same methods to guard against data theft and hacking? I shall be interested to hear the Minister’s response.

Baroness Hamwee Portrait Baroness Hamwee (LD)
- Hansard - - - Excerpts

My Lords, perhaps I may ask a couple of questions which arise from the fact sheet on this issue. On civil registration, it says:

“The Bill establishes a framework, with appropriate safeguards, to share bulk registration information where there is a clear and compelling need”.


I wonder whether the Minister can help the Committee in understanding where that is translated into the Bill. The fact sheet also says:

“There are no intentions to share data with the private sector or for data to be used for any commercial purposes”.


It then goes on to say that,

“the powers would not permit this”.

However, I am sure that the Minister will understand my querying the words “no intentions”, because they suggest that there could be a change, and possibly one with which Parliament is not hugely involved. I am going to assume that the points made by the Delegated Powers and Regulatory Reform Committee are in the rather large pile of items that it raised and which the Government will reply to before Report, so I am referring to that only in passing, but it would be very helpful to understand how the points in the fact sheet, which is where many people would start, move over into the legislation.

Lord Keen of Elie Portrait Lord Keen of Elie
- Hansard - - - Excerpts

My Lords, the proposals in Chapter 2 of Part 5, which are being addressed here, will ensure that citizens are able to access future—can I have a moment to sort out my own speaking notes?

Lord Maxton Portrait Lord Maxton (Lab)
- Hansard - - - Excerpts

While the Minister is doing that, can I ask whether this amendment covers Scotland? He is replying as the noble and learned Lord, Lord Keen of Elie. Registration of births, deaths and marriages was not introduced in Scotland until 1855 rather than 1837—I think—so does this amendment cover Scotland?

Lord Keen of Elie Portrait Lord Keen of Elie
- Hansard - - - Excerpts

I believe it was 1836 in England not 1837.

Lord Maxton Portrait Lord Maxton
- Hansard - - - Excerpts

It was 1855 in Scotland.

Lord Keen of Elie Portrait Lord Keen of Elie
- Hansard - - - Excerpts

It does not extend to Scotland. It is a provision pertaining to England and Wales. I am obliged to the noble Lord for giving me time to find my place in my notes. It is greatly appreciated.

As I said, the proposals in Chapter 2 of Part 5 will ensure that citizens are able to access future government digital services efficiently and securely, while removing the current reliance on paper certificates. I will address the two amendments first before addressing the clause stand part aspect of this debate.

Amendment 113 would add a requirement for a civil registration official to be satisfied that the information is required by a recipient to fulfil one or more of their functions before disclosing data and also seeks to add a requirement that an individual must have given valid consent under data protection legislation prior to any disclosure of their personal data. With respect, this amendment is unnecessary because disclosure of personal data under these clauses will already be subject to the provisions of the Data Protection Act. To require explicit consent in all cases would exceed the requirements of the Data Protection Act and the purpose of this clause. Disclosure will take place without consent only if to do so would be consistent with the Data Protection Act, which governs fair disclosure. Examples of how the powers would be exercised in practice include allowing registration officials to disclose information within and across local authority boundaries in order to safeguard children. Being able to share information will ensure that children are known to the local authorities in which they reside and action can be taken to address any needs of the child or the parent. That is what lies behind this matter.

Amendment 116 seeks to amend the Births and Deaths Registration Act 1953 to introduce an electronic register for the registration of births and deaths. However, the proposed amendment to Section 25 of the 1953 Act as currently drafted does not go far enough. The legislation which provides for the registration of births and deaths is based on legislation in place in 1836—or 1837—and very little has changed to the process of registering births and deaths since then. The Act would need more amendment in order to introduce an electronic register. Moving to an electronic register would remove the requirement for hard-copy registers and the electronic register of births and deaths would be the legal record instead of the paper registers. It is certainly an area of reform that the Government are keen to take forward. However, we need more time. I reassure noble Lords that the Government will look in more detail at what changes need to be made to the Act in order to bring in this change and we will consider legislating in due course. We recognise the benefits that the noble Lord, Lord Clement-Jones, suggested could be achieved once that entire process is completed. In light of those points, I hope that the noble Lord will agree not to press that amendment.

I turn to my noble friend Lady Byford and her opposition to the clause standing part of the Bill. Unless there is a specific statutory gateway, information from the records of births, marriages, civil partnerships and deaths may not be disclosed by registration officials other than in the form of a certified copy of an entry, such as a birth or death certificate, on payment of the statutory fee. As I have indicated, the system is outdated and based on paper processes from the 19th century. This clause introduces new data-sharing powers that allow registration officials to share data from birth, death, marriage and civil partnership records with public authorities for the purposes of fulfilling their functions. However, only the minimum amount of data will be provided to enable the public authority to fulfil the function.

My noble friend asked for examples of the benefits of sharing such registration data. Being able to share data about deaths with local authorities would assist in combating housing tenancy fraud. The National Fraud Authority estimates that housing tenancy fraud costs local authorities £845 million each year. An example of this is when someone continues to live in a property following the death of the tenant even when they have no right to do so. The sharing of birth data within the local authority would assist social services, for example, if they wanted to engage with one of the parents in the interests of a child. Sharing marriage data would help to target those living together if there were a fraudulent claim to be single for the purposes of claiming benefits. Sharing death data within local authorities would help them to recover medical equipment following the death of an individual.

There are many examples where such data sharing would be of assistance. It paves the way for citizens to access government services more conveniently, efficiently and securely, for example, by removing the current reliance on paper certificates to access services. This will provide more flexibility and will modernise how government services are delivered. An example is where registration officials will be able to share data on births that have occurred in one district, but where those concerned live in a neighbouring district with no hospital. This would allow local authorities more accurately to plan the provision of health care, school planning and other local services. Being able to share death data across boundaries will also help to prevent unwanted mail being sent to the family of a deceased person.

Registration officials will be able to share registration data only with the public authorities defined in new Section 19AB of the Registration Service Act 1953. Any data sharing will of course be carried out strictly in accordance with the requirements of the Data Protection Act. The sharing of registration data will be underpinned by a statutory code of practice as required by Section 19C. One of the requirements in the code will be that the Registrar-General must personally approve any request for the sharing of large amounts of data.

Before data are shared, the code of practice requires privacy impact assessments and data-sharing agreements to be drawn up and agreed with public authorities to include such things as how data are to be used, stored and retained. Data will be able to be used only for the purpose they have been provided and retained only for as long as necessary. Data-sharing agreements will forbid the creation of a database or the linking of registration data in any way. Any breach would be reported to the Information Commissioner, who has the power to impose penalties where it is appropriate to do so. I hope that that deals with the fears expressed about the bulk use of such registration data.

Lord Clement-Jones Portrait Lord Clement-Jones
- Hansard - - - Excerpts

My Lords, I am not sure whether the Minister has dealt with the questions raised by my noble friend.

Lord Keen of Elie Portrait Lord Keen of Elie
- Hansard - - - Excerpts

I apologise for omitting to respond to the questions asked by the noble Baroness, Lady Hamwee, by reference to the fact sheet. Rather than poring over the provisions of the Bill, I will undertake to write to her pointing out the cross-reference between the terms of the fact sheet and the relevant provisions in the Bill. I will place a copy of that letter in the Library.

21:30
Lord Clement-Jones Portrait Lord Clement-Jones
- Hansard - - - Excerpts

My Lords, I thank the Minister for his response, but I am a little bit baffled. Here we are—and I am talking here particularly with reference to Amendment 116—discussing the Digital Economy Bill. It should be doing what it says on the tin. I put forward, in my name and in the name of my noble friend Lady Scott, who is the inspiration behind the amendment, something that would make sure that it was the electronic copy that was the legal copy. Here is the Minister saying—and I do not think I have ever had a Minister say this to me—that the amendment does not go far enough. That is a very joyous response, but on the other hand he wants more time and “it will all happen in due course”. This is the Digital Economy Bill: what other opportunity are we going to have to ensure that our Registrar-General and so on—the General Register Office and local authorities—are under a legal obligation to hold electronic copies rather than the old, steam-driven paper copies? We have been doing this since 1837 or 1836, as we heard earlier. Is it not about time that we changed our practices, and is it not possible that we have been cooking up an amendment over the last 50 years that might suit the book and be able to appear on Report? That is my response on Amendment 116.

My response on Amendment 113 is a little bit dustier. I have read the code of practice, and I accept the Minister’s assurances; throughout this process he has given a lot of assurances about the impact of the Data Protection Act. There is no doubt about that: either explicit consent or, where no explicit consent is given, it is in accordance with the Data Protection Act and so on. There are some very worthy purposes in terms of data sharing: safeguarding children was an absolutely splendid example for the Minister to produce, and he produced some very good examples to the noble Baroness, Lady Byford, as well. Of course, there are some very good examples, but the code of practice is very opaque in that respect. It really does not get into any of that kind of worthy purpose: it simply talks about disclosing in accordance with the Data Protection Act. I looked through when the Minister was talking to see whether it was the Registrar-General who was the one person who was going to authorise disclosure, and it seemed to me that there were an awful lot more people who were authorised to disclose than simply one person.

There is something defective about these codes of practice. They seem to be far too bland and they do not give the public the reassurance that they should. We have talked about public trust right across the Committee, and the fact is that the reason why so many amendments have come forward from a variety of different sources to this part of the Bill is precisely that lack of trust. I suggest that the Minister and his colleagues look again at whether these codes of practice are doing their job.

That is another reason why, at the end of the day, these codes of practice should be approved by Parliament. That has also been a running theme of the Delegated Powers and Regulatory Reform Committee, which had it absolutely right in every single chapter that it dealt with. These codes of practice should be approved by Parliament. Otherwise, I do not believe that the Government are going to build that public trust in this data sharing, which is absolutely essential. The Minister should look again at that aspect, but in the meantime, having given the Minister a hard time at this time of night, I beg leave to withdraw the amendment.

Amendment 113 withdrawn.
Amendments 114 and 115 not moved.
Clause 39 agreed.
Clause 40 agreed.
Amendment 116 not moved.
Clause 41: Disclosure of information to reduce debt owed to the public sector
Amendment 117 not moved.
Clause 41 agreed.
Amendment 117A
Moved by
117A: After Clause 41, insert the following new Clause—
“Data sharing for the purpose of supporting better debt management
In addition to the purposes set out in section 41(3), information about debt may be shared by specified persons under this Chapter for the purpose of helping individuals to manage their debts, including by provision of a breathing space.”
Lord Stevenson of Balmacara Portrait Lord Stevenson of Balmacara
- Hansard - - - Excerpts

My Lords, in an idle moment, a moment of complete frivolity, I looked up GOV.UK to check facts—I thought that would be a useful contribution to the debate. The date we have all been searching for is 1837: the General Register Office is part of Her Majesty’s Passport Office and contains records dating back to 1837. I thought that would be useful.

I beg to move Amendment 117A in my name. This stems from my period of service as chairman of a wonderful charity called StepChange, which deals with individual debt owed by ordinary people. In the time I was there—I resigned about two years ago—we had about 600,000 people a year contacting the telephone helpline or going online to try to seek solutions to their debt problems, so it is a very significant problem in British society and something we must take a great deal of care about. Most people who came to us were struggling with multiple debts; in other words, they owed money to a variety of different sources, ranging from local authorities, mobile phone companies, debt collection agencies, Revenue & Customs, payday lenders, utility companies and catalogue lenders—there is a very large number of them.

A median client would be aged about 45, female and owing about £20,000 to eight different creditors, so it is a significant problem that people get into. Within that, with a tremendous requirement now for debt advice, with lots of people struggling with debt, one worrying trend has been how bad central and local government have been in dealing with people, particularly those with multiple debts. A recent survey of about 1,000 StepChange clients found widespread aggressive enforcement from local authorities even when people were asking their authority for help. Clients were more than twice as likely to be threatened with court action or bailiffs than to be offered an affordable payment option. This is despite guidance being issued by central government about how debts should be treated.

Of course, what happens when people face strong demands, very often from central or local government, is that they tend to go to people who can lend them money quickly, probably from an existing credit line, almost certainly, until recently—but even today it is still happening—taking out a payday loan. They try to borrow more to try to pay back original debts and get themselves into a worse situation than they were before. The same survey asked clients to rate what their creditors had done to them and whether they treated them fairly or unfairly. I am afraid to say that public sector creditors came out very badly, occupying three of the top six places in the unfair treatment table. It is interesting to note that HMRC, for instance, scored no better than payday lenders, which the Government, through the FCA, have spent a lot of time trying to sort out over recent years.

That is the background of our concern. We welcome the provisions in the Bill to think again about how debts owed to the public sector are collected. In that light, these amendments are put forward for suggestion, they are probing amendments at this stage, and I hope that they will elicit a response, because it is not just StepChange, the debt charity, that has been concerned about this. Citizens Advice has also raised concern about public sector debt collection practices, finding that public sector creditors are,

“mostly out of step with financial services and utilities companies when it comes to setting affordable repayment rates, and that our clients can suffer detriment when public bodies have uncoordinated and inconsistent approaches to debt collections ... central government debt collection lags behind the higher standards expected of other creditors”.

This is focused on individuals who have problems with their debts, but of course there is a wider cost to society as a whole which, through relationship breakdown, homelessness and difficulties with maintaining concentration at work, et cetera, has been estimated at about £8 billion a year. The Bill contains clauses that relate to this and they seem to suggest that central government as a whole—but in this case HMRC—are thinking about how the data-sharing powers that are coming should be used to allow them to collect several debts at once, but also to do it in a slightly different way. I hope that is the case. We are back with our old friend, the code of practice, because what is said in the code of practice will determine whether this will work.

I have, then, four things I invite Ministers to respond to. First, Clause 45 is limited to departments that seek data-sharing powers and says only that they should “have regard to” the code of practice. This has, I think, been picked up in other amendments that we have considered today. It would be good if the code of practice were also embedded in a much stronger statutory provision, to give it real bite. We have seen examples of guidance—I mentioned one involving central government issuing guidance on council tax collection methods—but such guidance does not work, because it is non-binding and only advisory. If there is a code, it should be embedded in the statute and people affected by it should be able to refer back to it to make sure that it works properly.

Secondly, the public body itself must believe that this is the way in which it needs to operate. Within the amendments are a range of issues that central government bodies might pick up that would match the best practice in utilities, banks, credit cards and store cards—all of which have been through the cycle of trying to get money out of individuals who owe them and other people money, and have recognised that you have to deal with people with multiple debts in a completely different way from those who just owe money directly. That is gradually changing the way people operate. There is further to go, but it is a lesson that should be learned. I hope that the codes can be adapted to reflect that.

Thirdly—this may be too much of an ask, but it should be recognised—this Bill applies only to public bodies, and their creditors, when they are seeking to use the data-sharing powers. The problem is, of course, wider than the data-sharing powers. Problems with central and local government debt collections are widespread: practices need to be reformed and this is not likely to relate only to places where data sharing is used. The Government should think ahead about this and try to set out an understanding for all their agencies that poor debt-collection practices can harm the rate at which they get their money back and the time it takes, and it will also harm the financially vulnerable people. Taking account of that across all their practices would be a very good thing.

These amendments, therefore, try to raise those points, but there is one other thing that the Government should try to do, which is in the first amendment. It is to take a lesson from Scotland—I am sure that the noble and learned Lord from Scotland will wish to pick this up and think harder about it—where, when you have a private or a public debt and seek guidance from the state agency that operates that scheme, you are given statutory protection from excess charges and your interest rates are frozen, providing you stick to your debt repayment plan. That means that people get a breathing space, time to organise their finances, think about their budgets and work out what they are going to do, without the terrible pressure from those who are owed money to start repaying it. It is only when all those issues have been brought together, and an agreement reached between the creditors and the agency, that repayment begins. That has a very much higher rate of success than any other scheme. England lags way behind on this, and it would be no skin off the Treasury’s nose if it took a leaf out of the Scottish Government’s book and brought in their procedures—with a statutory breathing space that gave some hope to people who want to repay their debts but cannot do so because the practices are not as good.

Lord Keen of Elie Portrait Lord Keen of Elie
- Hansard - - - Excerpts

My Lords, I acknowledge the point made by the noble Lord, Lord Stevenson, that this is a significant issue, and I understand that this is a probing amendment to allow us to consider some of the wider issues that he has touched on in the debate.

Amendment 117A seeks to include in the Bill an additional purpose: to enable debt information to be shared under the powers provided by Clause 41. It seeks to state explicitly that debt data can be disclosed,

“for the purpose of helping individuals to manage their debts”.

There is also a reference to the breathing space, and I will come back to that point in a moment in response to the questions posed by the noble Lord.

In the first instance, we would venture that the amendment is not necessary. The provisions as drafted enable information to be shared,

“for the purposes of the taking of action in connection with debt owed to”,

a public authority or the Crown. This includes but is not limited to, for example, identifying or collecting debt. The provision is sufficiently broad to enable sharing for the purpose set out in this amendment. That is the position of the Government. The Government are considering the recommendations that have been made following work to look into the merits of introducing a breathing space for customers, which we are aware is available in other jurisdictions. While the Government are considering these recommendations, it would be premature to incorporate a reference to this initiative in the Bill at this time. I hope the noble Lord will accept that the matter is being looked at.

21:45
The effect of Amendment 133 would be that any public authority or person providing services to a public authority in identifying or collecting debt, bringing civil proceedings or taking administrative action as a result of debt of that kind would have, in doing so, to comply with the Clause 45 code of practice, regardless of whether they were using the Clause 41 power. A wide range of public authorities and devolved Administrations need flexibility and autonomy to manage their own unique debt portfolios in the most suitable way, and in line with the legislative powers ascribed to them. There are a range of existing procedures and powers specific to particular bodies. We consider that it would be unhelpful simply to cut across these.
Amendment 132 prescribes more detail for the contents of the code. We have already touched upon the codes. Proposed new subsections (3B) and (3C) would require the code to contain provisions requiring specified persons intending to make use of the debt power,
“to have in place procedures to identify vulnerable people and take appropriate account of their needs and circumstances”,
and,
“to assess the affordability of debt repayments by reference to a common standard”.
The code would also have to include provision requiring specified persons, before taking any action following the sharing of information under the debt power,
“to consider the welfare of the people who owe the debt”.
The code of practice already contains fairness principles, which were developed across government and with debt advice charities. These are intended to enable a common approach to fairness when public authorities collaborate to develop pilot activity under the debt data-sharing power. Furthermore, the codes will be put out for further consultation before they are finalised, so we do not want to pre-empt this exercise by inserting requirements at this level of detail on its content at this stage. However, I note what the noble Lord said with regard to the codes. They are still being looked at and will be looked at further in this context.
I understand the desire to ensure that the codes are effective; it is the desire of the Government as well. As the noble Lord observed, you can press so hard in the matter of debt recovery but, as banks and others have discovered in the past, if you press too hard something breaks and nothing is returned. We suggest that the codes provide a strong safeguard for the use of the powers, backed up by real consequences if they are not adhered to. There is a power there to ensure that although the Bill says “have regard to”, it is a legal obligation and suitably flexible in the context of these powers. While we continue to consider the recommendations of the Delegated Powers Committee, which also touched upon this, I invite the noble Lord to withdraw his amendment.
Lord Stevenson of Balmacara Portrait Lord Stevenson of Balmacara
- Hansard - - - Excerpts

I thank the Minister very much for his considered response. I am grateful to him for that. The breathing space proposal has been around for some time, so I was hoping to get a bit of an edge on it but we will clearly have to wait and see. It would provide a very big step forward for how public debts are organised. As I said, how the code of practice is framed is the main issue and I am grateful for the Minister’s thoughts that there might still be opportunities to influence it. What was said today might do that trick but we will certainly look at it carefully. With that, I would like to withdraw the amendment.

Amendment 117A withdrawn.
Clause 42: Further provisions about power in section 41
Amendment 118
Moved by
118: Clause 42, page 42, line 29, leave out from “behaviour”” to end of line 31 and insert “means conduct that—
(a) is likely to cause harassment, alarm or distress to any person, or(b) is capable of causing nuisance or annoyance to a person in relation to that person’s occupation of residential premises.”
Amendment 118 agreed.
Amendment 119 not moved.
Amendments 120 and 121
Moved by
120: Clause 42, page 43, line 10, leave out from “by” to end of line 11 and insert “any of Parts 1 to 7 or Chapter 1 of Part 9 of the Investigatory Powers Act 2016.”
121: Clause 42, page 43, line 11, at end insert—
“( ) Until the repeal of Part 1 of the Regulation of Investigatory Powers Act 2000 by paragraphs 45 and 54 of Schedule 10 to the Investigatory Powers Act 2016 is fully in force, subsection (8)(b) has effect as if it included a reference to that Part.”
Amendments 120 and 121 agreed.
Clause 42, as amended, agreed.
Clause 43: Confidentiality of personal information
Amendments 122 to 124 not moved.
Amendment 125
Moved by
125: Clause 43, page 43, line 29, at end insert—
“( ) which is a protected disclosure for any of the purposes of the Employment Rights Act 1996 or the Employment Rights (Northern Ireland) Order 1996 (SI 1996/1919 (NI 16)),( ) consisting of the publication of information for the purposes of journalism, where the publication of the information is in the public interest,”
Amendment 125 agreed.
Amendments 126 and 127 not moved.
Amendment 128
Moved by
128: Clause 43, page 43, line 34, leave out from “behaviour”” to end of line 36 and insert “means conduct that—
(a) is likely to cause harassment, alarm or distress to any person, or(b) is capable of causing nuisance or annoyance to a person in relation to that person’s occupation of residential premises.”
Amendment 128 agreed.
Clause 43, as amended, agreed.
Clause 44: Information disclosed by the Revenue and Customs
Amendments 129 and 130
Moved by
129: Clause 44, page 44, line 16, leave out “(“P”)”
130: Clause 44, page 44, leave out lines 17 and 18 and insert “by that person”
Amendments 129 and 130 agreed.
Clause 44, as amended, agreed.
Clause 45: Code of practice
Amendments 131 to 135 not moved.
Clause 45 agreed.
Clauses 46 and 47 agreed.
Clause 48: Interpretation of this Chapter
Amendment 136
Moved by
136: Clause 48, page 48, line 25, leave out paragraphs (a) and (b) and insert—
“( ) a devolved Welsh authority as defined by section 157A of the Government of Wales Act 2006, or( ) a person providing services to a devolved Welsh authority as defined by that section.”
Amendment 136 agreed.
Clause 48, as amended, agreed.
Clause 49: Disclosure of information to combat fraud against the public sector
Amendments 137 and 138 not moved.
Clause 49 agreed.
Clause 50: Further provisions about power in section 49
Amendment 138A not moved.
Amendments 139 to 141
Moved by
139: Clause 50, page 50, line 28, leave out from “behaviour”” to end of line 30 and insert “means conduct that—
(a) is likely to cause harassment, alarm or distress to any person, or(b) is capable of causing nuisance or annoyance to a person in relation to that person’s occupation of residential premises.”
140: Clause 50, page 51, line 8, leave out from “by” to end of line 9 and insert “any of Parts 1 to 7 or Chapter 1 of Part 9 of the Investigatory Powers Act 2016.”
141: Clause 50, page 51, line 9, at end insert—
“( ) Until the repeal of Part 1 of the Regulation of Investigatory Powers Act 2000 by paragraphs 45 and 54 of Schedule 10 to the Investigatory Powers Act 2016 is fully in force, subsection (8)(b) has effect as if it included a reference to that Part.”
Amendments 139 to 141 agreed.
Clause 50, as amended, agreed.
Clause 51: Confidentiality of personal information
Amendments 142 to 144 not moved.
Amendment 145
Moved by
145: Clause 51, page 51, line 27, at end insert—
“( ) which is a protected disclosure for any of the purposes of the Employment Rights Act 1996 or the Employment Rights (Northern Ireland) Order 1996 (SI 1996/1919 (NI 16)),( ) consisting of the publication of information for the purposes of journalism, where the publication of the information is in the public interest,”
Amendment 145 agreed.
Amendments 146 and 146A not moved.
Amendment 147
Moved by
147: Clause 51, page 51, line 35, leave out from “behaviour”” to end of line 37 and insert “means conduct that—
(a) is likely to cause harassment, alarm or distress to any person, or(b) is capable of causing nuisance or annoyance to a person in relation to that person’s occupation of residential premises.”
Amendment 147 agreed.
Clause 51, as amended, agreed.
Clause 52: Information disclosed by the Revenue and Customs
Amendments 148 and 149
Moved by
148: Clause 52, page 52, line 19, leave out “(“P”)”
149: Clause 52, page 52, leave out lines 20 and 21 and insert “by that person”
Amendments 148 and 149 agreed.
Clause 52, as amended, agreed.
Clause 53: Code of practice
Amendments 150 to 152 not moved.
Clause 53 agreed.
Clauses 54 and 55 agreed.
Clause 56: Interpretation of this Chapter
Amendment 153
Moved by
153: Clause 56, page 56, line 22, leave out paragraphs (a) and (b) and insert—
“( ) a devolved Welsh authority as defined by section 157A of the Government of Wales Act 2006, or( ) a person providing services to a devolved Welsh authority as defined by that section.”
Amendment 153 agreed.
Clause 56, as amended, agreed.
Clause 57: Disclosure of information for research purposes
Amendment 154
Moved by
154: Clause 57, page 57, line 14, at end insert—
“( ) Information may be disclosed under subsection (5)(b)—(a) only with the consent of the Commissioners for Her Majesty’s Revenue and Customs, if it is information to which section 60 (2) applies;(b) only with the consent of the Welsh Revenue Authority, if it is information to which section (Information disclosed by the Welsh Revenue Authority)(5) applies;(c) only with the consent of Revenue Scotland, if it is information to which section (Information disclosed by Revenue Scotland)(5) applies.”
Amendment 154 agreed.
Amendment 155
Moved by
155: Clause 57, page 57, leave out lines 27 to 30 and insert—
“( ) any person (including the public authority) who is involved in processing the information for disclosure under subsection (1);”
Lord Ashton of Hyde Portrait The Parliamentary Under-Secretary of State, Department for Culture, Media and Sport (Lord Ashton of Hyde) (Con)
- Hansard - - - Excerpts

My Lords, these amendments apply to the research power, and there is an additional amendment which applies to the statistics power. Together, they add clarity and strength to the set of robust safeguards that have been developed to facilitate the processing and safe disclosure of personal information provided by public authorities for research purposes. To encourage greater use of publicly held data for research in the public interest, it is important that everyone concerned can have confidence that personal information is appropriately protected, while at the same time researchers are able to interrogate the information to produce research findings that further the public interest. These amendments further help strike that balance.

The amendments fall into four categories. First, Amendment 155, to Clause 57(9), makes clear, for the avoidance of doubt, that a public authority that processes another public authority’s personal information must be accredited to do so, as well as to process its own information.

Secondly, Amendments 159 to 180 and Amendment 191 correct defects in the drafting of Clauses 59 and 60. The defect in each clause prevents persons who receive processed information from processors under Clause 57(1) disclosing that information at all if that information meets the wide definition in Clause 57(12), whereas it was always intended that researchers would be able to disclose the information that they receive under the power to other researchers for the purposes of peer review. The amendments also strengthen the unlawful disclosure provisions by adding a new offence which applies to disclosure of a defined category of personal information by a person who has received processed information under Clause 57(1). The information that is protected is consistent with Section 39 of the Statistics and Registration Service Act 2007. The amendments have been drafted in a way that will enable researchers to submit their findings for peer review and for publication in a similar way to current practice under that Act. These amendments have been developed with the assistance of the UK Statistics Authority, which has considerable expertise in this area.

Thirdly, Amendments 183 to 189 and Amendments 192 to 195 tidy up a drafting error by which the code of practice currently applies to the disclosure, holding or use of both personal information and information that is not, or never has been, personal. To apply the code or any other safeguards in this power to information that does not identify or risk identifying individuals would be unnecessarily bureaucratic.

Finally, Amendment 210 to new Section 53A supports devolved statistics by giving the UK Statistics Authority a mechanism to share information with its statistical counterparts in the devolved Administrations. In Northern Ireland, the principal statistical department is the Northern Ireland Statistics and Research Agency, or NISRA. Some of NISRA’s functions are held specifically by its parent department, the Department of Finance. Other statistical functions are held only by the Registrar-General for Northern Ireland. New Section 53A(2) does not currently list the Registrar-General for Northern Ireland as a devolved authority, meaning that UKSA cannot share information with NISRA relating to the Registrar-General’s statistical functions. This amendment resolves this difficulty by adding the Registrar-General for Northern Ireland to the definition of devolved authority in new Section 53A(2). I beg to move.

Amendment 155 agreed.
Amendment 156 not moved.
Clause 57, as amended, agreed.
Clause 58: Provisions supplementary to section 57
Amendments 157 and 158
Moved by
157: Clause 58, page 58, line 11, leave out from “by” to end of line 12 and insert “any of Parts 1 to 7 or Chapter 1 of Part 9 of the Investigatory Powers Act 2016.”
158: Clause 58, page 58, line 12, at end insert—
“( ) Until the repeal of Part 1 of the Regulation of Investigatory Powers Act 2000 by paragraphs 45 and 54 of Schedule 10 to the Investigatory Powers Act 2016 is fully in force, subsection (2)(b) has effect as if it included a reference to that Part.”
Amendments 157 and 158 agreed.
Clause 58, as amended, agreed.
Clause 59: Bar on further disclosure of personal information
Amendments 159 to 163
Moved by
159: Clause 59, page 58, line 28, at end insert—
“(A1) Subsection (A2) applies to personal information—(a) in which the identity of a particular person is specified or from which the identity of a particular person can be deduced, whether from the information itself or from that information taken together with any other published information, and(b) which is received by a person (“P”) under section 57 (1)(disclosure for research purposes).(A2) Personal information to which this subsection applies may not be disclosed—(a) by P, or(b) by any other person who has received it directly or indirectly from P.(A3) Subsection (A2) does not apply to a disclosure—(a) to a person by whom the research referred to in section 57(1) is being or is to be carried out, or(b) by a person by whom such research is being or has been carried out—(i) for the purposes of enabling anything that is to be published as a result of the research to be reviewed before publication, and (ii) to a person who is accredited under section 62 as a person to whom such information may be disclosed for that purpose.”
160: Clause 59, page 58, line 29, leave out “This section” and insert “Subsection (2)”
161: Clause 59, page 58, line 33, leave out “section” and insert “subsection”
162: Clause 59, page 58, line 35, at end insert—
“( ) Subsection (2) does not apply to a disclosure—(a) under section 57(1) or (5), or(b) of information previously disclosed under section 57(1), where the disclosure is made by—(i) the person to whom the information was disclosed under that provision, or(ii) any person who has received the information directly or indirectly from the person mentioned in sub-paragraph (i),(but subsection (A2) may apply to such a disclosure).”
163: Clause 59, page 58, line 36, after “Subsection” insert “(A2) or”
Amendments 159 to 163 agreed.
Amendment 164 not moved.
Amendment 165
Moved by
165: Clause 59, page 58, line 37, leave out “(including section 57(5))”
Amendment 165 agreed.
Amendments 166 to 168 not moved.
22:00
Amendments 169 to 173
Moved by
169: Clause 59, page 59, line 5, after “criminal),” insert—
“( ) which is a protected disclosure for any of the purposes of the Employment Rights Act 1996 or the Employment Rights (Northern Ireland) Order 1996 (SI 1996/1919 (NI 16)),( ) consisting of the publication of information for the purposes of journalism, where the publication of the information is in the public interest,”
170: Clause 59, page 59, line 16, leave out from “behaviour”” to end of line 18 and insert “means conduct that—
(a) is likely to cause harassment, alarm or distress to any person, or(b) is capable of causing nuisance or annoyance to a person in relation to that person’s occupation of residential premises.”
171: Clause 59, page 59, line 21, after “subsection” insert “(A2) or”
172: Clause 59, page 59, line 40, leave out “57(5)” and insert “57 (1) or (5)”
173: Clause 59, page 59, line 40, at end insert “, the Welsh Revenue Authority or Revenue Scotland”
Amendments 169 to 173 agreed.
Clause 59, as amended, agreed.
Clause 60: Information disclosed by the Revenue and Customs
Amendments 174 to 180
Moved by
174: Clause 60, page 59, line 41, at end insert—
“(A1) Subsection (A2) applies to personal information—(a) in which the identity of a particular person is specified or from which the identity of a particular person can be deduced, whether from the information itself or from that information taken together with any other published information, and(b) which—(i) is disclosed under section 57 (1)(disclosure for research purposes) by the Revenue and Customs, or(ii) is disclosed under section 57 (1) by a person other than the Revenue and Customs and is derived from information disclosed under section 57 (5) by the Revenue and Customs,and is received by a person (“P”) under section 57(1).(A2) Personal information to which this subsection applies may not be disclosed by P.(A3) Subsection (A2) does not apply to a disclosure—(a) to a person by whom the research referred to in section 57 (1) is being or is to be carried out, or(b) by a person by whom such research is being or has been carried out—(i) for the purposes of enabling anything that is to be published as a result of the research to be reviewed before publication, and(ii) to a person who is accredited under section 62 as a person to whom such information may be disclosed for that purpose.”
175: Clause 60, page 59, line 42, leave out “This section” and insert “Subsection (2)”
176: Clause 60, page 60, line 1, leave out “section” and insert “subsection”
177: Clause 60, page 60, line 3, leave out “directly or indirectly from P” and insert “under section 57 (5)”
178: Clause 60, page 60, line 3, at end insert—
“( ) Subsection (2) does not apply to a disclosure under section 57(1).”
179: Clause 60, page 60, line 4, after “Subsection” insert “(A2) or”
180: Clause 60, page 60, line 7, after “subsection” insert “(A2) or”
Amendments 174 to 180 agreed.
Clause 60, as amended, agreed.
Amendments 181 and 182
Moved by
181: After Clause 60, insert the following new Clause—
“Information disclosed by the Welsh Revenue Authority
(1) Subsection (2) applies to personal information—(a) in which the identity of a particular person is specified or from which the identity of a particular person can be deduced, whether from the information itself or from that information taken together with any other published information, and(b) which—(i) is disclosed under section 57 (1)(disclosure for research purposes) by the Welsh Revenue Authority, or (ii) is disclosed under section 57 (1) by a person other than the Welsh Revenue Authority and is derived from information disclosed under section 57 (5) by the Welsh Revenue Authority,and is received by a person (“P”) under section 57(1).(2) Personal information to which this subsection applies may not be disclosed by P.(3) Subsection (2) does not apply to a disclosure—(a) to a person by whom the research referred to in section 57 (1) is being or is to be carried out, or(b) by a person by whom such research is being or has been carried out—(i) for the purposes of enabling anything that is to be published as a result of the research to be reviewed before publication, and(ii) to a person who is accredited under section 62 as a person to whom such information may be disclosed for that purpose.(4) Subsection (5) applies to personal information which—(a) identifies a particular person, and(b) is disclosed by the Welsh Revenue Authority under section 57 (5)(disclosure for processing) and received by a person (“P”).(5) Personal information to which this subsection applies may not be disclosed—(a) by P, or(b) by any other person who has received it under section 57 (5).(6) Subsection (5) does not apply to a disclosure under section 57 (1).(7) Subsection (2) or (5) does not apply to a disclosure which is made with the consent of the Welsh Revenue Authority (which may be general or specific).(8) A person who contravenes subsection (2) or (5) is guilty of an offence.(9) It is a defence for a person charged with an offence under subsection (8) to prove that the person reasonably believed—(a) that the disclosure was lawful, or(b) that the information had already and lawfully been made available to the public.(10) A person who is guilty of an offence under subsection (8) is liable—(a) on summary conviction, to imprisonment for a term not exceeding 12 months, to a fine, or to both;(b) on conviction on indictment to imprisonment for a term not exceeding two years, to a fine or to both.(11) In the application of subsection (10)(a) to an offence committed before the coming into force of section 154(1) of the Criminal Justice Act 2003 the reference to 12 months is to be read as a reference to 6 months.”
182: After Clause 60, insert the following new Clause—
“Information disclosed by Revenue Scotland
(1) Subsection (2) applies to personal information—(a) in which the identity of a particular person is specified or from which the identity of a particular person can be deduced, whether from the information itself or from that information taken together with any other published information, and(b) which—(i) is disclosed under section 57 (1)(disclosure for research purposes) by Revenue Scotland, or(ii) is disclosed under section 57 (1) by a person other than Revenue Scotland and is derived from information disclosed under section 57 (5) by Revenue Scotland,and is received by a person (“P”) under section 57(1). (2) Personal information to which this subsection applies may not be disclosed by P.(3) Subsection (2) does not apply to a disclosure—(a) to a person by whom the research referred to in section 57 (1) is being or is to be carried out, or(b) by a person by whom such research is being or has been carried out—(i) for the purposes of enabling anything that is to be published as a result of the research to be reviewed before publication, and(ii) to a person who is accredited under section 62 as a person to whom such information may be disclosed for that purpose.(4) Subsection (5) applies to personal information which—(a) identifies a particular person, and(b) is disclosed by Revenue Scotland under section 57 (5)(disclosure for processing) and received by a person (“P”).(5) Personal information to which this subsection applies may not be disclosed—(a) by P, or(b) by any other person who has received it under section 57 (5).(6) Subsection (5) does not apply to a disclosure under section 57 (1).(7) Subsection (2) or (5) does not apply to a disclosure which is made with the consent of Revenue Scotland (which may be general or specific).(8) A person who contravenes subsection (2) or (5) is guilty of an offence.(9) It is a defence for a person charged with an offence under subsection (8) to prove that the person reasonably believed—(a) that the disclosure was lawful, or(b) that the information had already and lawfully been made available to the public.(10) A person who is guilty of an offence under subsection (8) is liable—(a) on summary conviction, to imprisonment for a term not exceeding 12 months, to a fine not exceeding the statutory maximum or to both;(b) on conviction on indictment to imprisonment for a term not exceeding two years, to a fine or to both.”
Amendments 181 and 182 agreed.
Clause 61: Code of practice
Amendments 183 and 184
Moved by
183: Clause 61, page 60, line 18, after “of” insert “personal”
184: Clause 61, page 60, line 20, after “of” insert “personal”
Amendments 183 and 184 agreed.
Amendment 185 not moved.
Amendment 186
Moved by
186: Clause 61, page 60, line 24, after “disclosing” insert “personal information”
Amendment 186 agreed.
Amendment 187 not moved.
Amendments 188 and 189
Moved by
188: Clause 61, page 60, line 29, leave out “or (c)” and insert “, (c) or (ca)”
189: Clause 61, page 60, line 30, after “using” insert “personal”
Amendments 188 and 189 agreed.
Amendment 190 not moved.
Clause 61, as amended, agreed.
Clause 62: Accreditation for the purposes of this Chapter
Amendments 191 to 193
Moved by
191: Clause 62, page 61, line 18, at end insert—
“(ca) may accredit a person as a person to whom such information may be disclosed for the purposes of a review of the kind mentioned in section 59(A3)(b), 60(A3)(b), (Information disclosed by the Welsh Revenue Authority)(3)(b) or (Information disclosed by Revenue Scotland)(3)(b),”
192: Clause 62, page 61, line 19, leave out “that section” and insert “section 57 ”
193: Clause 62, page 61, line 23, leave out “or (c)” and insert “, (c) or (ca)”
Amendments 191 to 193 agreed.
Amendment 194 not moved.
Amendment 195
Moved by
195: Clause 62, page 62, line 11, at end insert “, and
( ) a register of persons who are accredited under subsection (1)(ca).”
Amendment 195 agreed.
Clause 62, as amended, agreed.
Clauses 63 and 64 agreed.
Clause 65: Disclosure of non-identifying information by HMRC
Amendment 196 not moved.
Clause 65 agreed.
Amendment 196A not moved.
Clause 66 agreed.
Clause 67: Disclosure of information by public authorities to the Statistics Board
Amendments 197 and 198
Moved by
197: Clause 67, page 65, line 15, leave out from “by” to “or” in line 16 and insert “any of Parts 1 to 7 or Chapter 1 of Part 9 of the Investigatory Powers Act 2016,”
198: Clause 67, page 65, line 18, at end insert—
“( ) Until the repeal of Part 1 of the Regulation of Investigatory Powers Act 2000 by paragraphs 45 and 54 of Schedule 10 to the Investigatory Powers Act 2016 is fully in force, subsection (9)(b) has effect as if it included a reference to that Part.”
Amendments 197 and 198 agreed.
Clause 67, as amended, agreed.
Clause 68: Access to information by Statistics Board
Amendment 199
Moved by
199: Clause 68, page 66, line 16, leave out from beginning to end of line 25 on page 67 and insert—
“(2) Subject to subsection (1) of this section and section 45E, the Board may, by notice in writing to a public authority to which this section applies, require the authority to disclose to the Board information which—(a) is held by the authority in connection with its functions, and(b) is specified, or is of a kind specified, in the notice.(3) A notice under subsection (2) may require information to be disclosed on more than one date specified in the notice within a period specified in the notice.(4) A notice under subsection (2) other than one within subsection (3) must specify the date by which or the period within which the information must be disclosed.(5) A notice under subsection (2) may specify the form or manner in which the information to which it relates must be disclosed.(6) A notice under subsection (2) may require the public authority to consult the Board before making changes to—(a) its processes for collecting, organising, storing or retrieving the information to which the notice relates, or(b) its processes for supplying such information to the Board.(7) The reference in subsection (6) to making changes to a process includes introducing or removing a process.(8) The Board may give a notice under subsection (2) only if the Board requires the information to which the notice relates to enable it to exercise one or more of its functions.(9) The Board must obtain the consent of the Scottish Ministers before giving a notice under subsection (2) to a public authority which is a Scottish public authority with mixed functions or no reserved functions (within the meaning of the Scotland Act 1998).(10) The Board must obtain the consent of the Welsh Ministers before giving a notice under subsection (2) to a public authority which is a Wales public authority as defined by section 157A of the Government of Wales Act 2006.(11) The Board must obtain the consent of the Department of Finance in Northern Ireland before giving a notice under subsection (2) to a public authority if—(a) the public authority exercises functions only as regards Northern Ireland, and(b) its functions are wholly or mainly functions which relate to transferred matters (within the meaning of the Northern Ireland Act 1998).(12) A public authority to which a notice under subsection (2) is given must comply with it. (13) But the public authority need not comply with the notice if compliance—(a) might prejudice national security,(b) would contravene the Data Protection Act 1998,(c) would be prohibited by Part 1 of the Regulation of Investigatory Powers Act 2000, or(d) would contravene directly applicable EU legislation or any enactment to the extent that it implements EU legislation.”
Baroness Byford Portrait Baroness Byford (Con)
- Hansard - - - Excerpts

My Lords, I rise to move the amendment tabled by my noble friend Lord Willetts, who apologises that he could not be here tonight. I have the two other amendments in the same group. Clause 68 makes mandatory the provision of data by Crown bodies to the ONS for defined statistical research purposes. An alternative approach might be for an organisation such as the Information Commissioner’s Office to provide arbitration on contentious requests.

Clear insight into whether the Bill directs Crown bodies to share data from statistics is needed in Clause 68. At the Bill’s Committee stage in the House of Commons, where there was a long discussion on this, Chris Skidmore, Minister for the Constitution in the Cabinet Office, said it would be possible for a Crown body to refuse an ONS request for data and,

“where necessary, have their refusal put before Parliament”.—[Official Report, Commons, Digital Economy Public Bill Committee, 27/10/16; col. 379.]

The Royal Statistical Society’s primary objection to this is that it provides no subsequent mechanism for the ONS to secure access to the data. It is also unclear to it what the process means in practice, which part of the legislature will deal with that correspondence, what it is expected to do with it and what sanctions it can apply for non-disclosure. The RSS has been asking why this is in place and whether it is justified, especially as other countries, such as Canada, operate with less burdensome arrangements. I should say that I am very grateful to the Royal Statistical Society for its briefing, otherwise I would be really lost. The RSS says:

“Including the Minister’s contribution, we have heard two arguments thus far … The Minister explained the different treatments for Crown bodies and other public authorities as being due to conventions: ‘That way of working, set out in sections 45B and 45C, ensures consistency between how a Crown body interacts with another on the one hand, and how a Crown body interacts with a non-Crown body on the other’ … We have also been privy to a different, earlier argument that due to the indivisibility of the Crown, one Crown body cannot give directions to another”.


If we thought earlier discussions were difficult, I think it is getting even more so.

The briefing continues by saying that,

“we have sought and obtained legal advice, which suggests that Parliament could technically direct departments to do what it deems fit. The government’s position, although it is not unprecedented, appears politically or culturally based. It may be that the government has heard objections from some departments to a mandatory approach. We are aware that there could be reluctance on the part of some departments to share data generally, and with ONS and researchers in particular. However, problems of risk aversion to data sharing ought to be addressed without obstructing the proposed right for ONS to access data for statistical purposes, which has been more widely supported and called for, for example, by the Public Administration Select Committee (2013) and the Science and Technology Select Committee (2016), and in other reports described in the House of Commons Library’s analysis”.

There is much more material here but I shall not push the matter further. I hope I have given my noble friend enough to respond to.

My Amendments 208 and 209, which are linked to this, are much simpler and more direct as far as I am concerned, because I am not technically astute on the other topic. Large, well-known charities employ many people using many skills and who are occupied full-time in their jobs. Little charities rely on unpaid volunteers who may not have a wide range of skills and who use their free time to work purely for the charity. I have two examples in mind. The first is Freddie’s Wish, which commemorates a little boy who died in a car crash. His mother set up the charity to help local bereaved families and to raise money for the children’s hospital and the air ambulance. In two years it has raised over £50,000 and trained more than 100 volunteers in paediatric first aid.

The second example is Evelyn’s Gift, which has been a registered charity for less than a year although its founder and volunteers have been working for nearly four years. It is in memory of a seven year-old girl who died of respiratory illness. Its aims are to arrange CPR training and to continue her practice of doing little acts of kindness. The list of acts done in her name and in the name of people and the organisations that support them is inspiring. The charity employs no one and all the work is carried out by unpaid volunteers.

Organisations such as these have no resources to supply the Statistics Board with information. An unpaid voluntary worker would have to give time to filling in forms instead of doing the work he or she has signed up for and dearly wishes to do. It could be difficult to persuade anyone to donate even more time in this pursuit. A small charity with irregular income but making an important local contribution could well be destroyed by a fine levied under new Section 45F(3).

Most people nowadays have heard of charitable shoe boxes. These are sent, filled with practical gifts—hand-knitted hats, scarves and gloves, pens and paper, recycled soft toys, tennis balls and so on—to underprivileged children in Africa and eastern Europe, and, indeed, in our own country. Those who fill them spend their own money and devote much time to making up these boxes. The work is carried out throughout the year and each box going abroad to Africa costs at least £2.50 to transport in November and December. Villages, primary schools, care homes and religious groups donate goods, money, time and effort to reclaiming, recycling and packing huge quantities of otherwise unwanted items. They also raise funds for basic toiletries, small packs of sweets and things such as pens and paper, without which some children cannot go to school. I know of one village that last year sent 1,326 boxes to the central depot.

Who is to fill in the forms for the Statistics Board, and is that really necessary for these very small charities? The boxes come from all over the country. They must not contain liquids, chocolate or sweets dated for expiry before the end of March of the following year. Beyond this, there is no record of contents, value or hours worked. With such charities, my concern is that the figures available to the Statistics Board will be solely to do with the transport of the finished items. That would surely distort the results of any study by the board. I suggest that we should therefore exempt such charities from the Bill. I beg to move.

Viscount Ullswater Portrait The Deputy Speaker (Viscount Ullswater) (Con)
- Hansard - - - Excerpts

I must advise your Lordships that, if this amendment is agreed to, I will not be able to call Amendments 200 to 202 because of pre-emption.

Baroness O'Neill of Bengarve Portrait Baroness O'Neill of Bengarve (CB)
- Hansard - - - Excerpts

My Lords, I rise briefly to support this amendment. There seems to be something quite perverse in obstructing the access of the Statistics Board to datasets that are in the hands of other public bodies. That is a very simplified account, but it is a curious place in which to have an obstacle. I hope that the Minister can consider this clause very seriously.

Lord Keen of Elie Portrait Lord Keen of Elie
- Hansard - - - Excerpts

I am obliged to the noble Baronesses for their interest in this part of the Bill. As your Lordships will be aware, Clause 68 gives the UK Statistics Authority the powers to access important data needed to produce official statistics to support decision-making.

On Amendment 199, new Section 45B gives UKSA a right of access to information held by Crown bodies. A Crown body must respond in writing to a formal notice issued by the UK Statistics Authority and explain any refusal to give the authority information. If the Crown body’s explanation is inadequate or it fails to respond or comply, the UK Statistics Authority may lay the request and any response before the relevant legislature. A Crown body must therefore either comply with the notice or explain its refusal in writing. Where the Statistics Authority puts that correspondence before Parliament, then Parliament can judge the body’s actions openly and transparently. We consider that this is the right approach, creating effective, proportionate accountability and transparency.

Of course, my noble friend Lady Byford would argue that the amendment is a more effective means of requiring a Crown body to give the Statistics Authority the information. We cannot accept that it is either necessary or desirable. The Statistics Authority is part of the Crown, as are government departments. As my noble friend anticipated, it would be extremely novel, and possibly unprecedented, to legislate to compel one part of the Crown to obey another. Even the Health and Safety at Work etc. Act 1974 excludes the Crown from being subject to enforcement measures such as prosecution, instead providing long-standing structures to help departments to work with each other administratively. In this context, new Section 45B strikes the right balance. I hope that explanation reassures my noble friend.

22:15
On Amendments 208 and 209, there may have been some misunderstanding. New Section 45D allows the UK Statistics Authority to require information from undertakings, excluding micro-businesses and small businesses. It defines small and micro-businesses using Section 33 of the Small Business, Enterprise and Employment Act 2015, and these definitions cover charities along with other voluntary and community bodies. Accordingly, they are excluded, and the examples that my noble friend gave would, on the face of it, be excluded from these provisions.
There is a further point to be made about this, which I shall come to in a moment. The Statistics Authority is committed to using its powers in a proportionate and fair way that minimises burdens associated with producing statistics and has set this out in its draft statement of principles. In the first instance, the UKSA would look to obtain information from large, preferably national, data holders rather than seek it from multiple small data holders. This reflects the policy intention there should be no new burdens on small undertakings, including charities. New Section 45D reflects this principled approach by excluding small undertakings, based on limited headcount and finances. As I said before, that would include charities as well as other voluntary organisations.
One point that I would note is that Section 33 of the 2015 Act has not yet been commenced. We are exploring transitional arrangements to address this, and intend to return to this matter on Report. However, in the present circumstances, I invite my noble friend to withdraw the amendment.
Baroness Byford Portrait Baroness Byford
- Hansard - - - Excerpts

I am very grateful to my noble and learned friend for his response. I am unable to really comment properly on Amendment 199, because I would like my noble friend Lord Willetts to have a chance to read and reflect on the Minister’s response to that issue.

On my own two amendments, I thank him for his comments. One thing that has always troubled me with charities is that sometimes you have a small charity that has a large income, but at the other end you have a large charity with a very small income. I am not totally clear, but I shall read very carefully on whether the lay-down that we have at the moment on micro and small is correct for what I am trying to suggest the Government should think about. However, I thank the Minister for his full response, which I shall read carefully in Hansard. In the meantime, I beg leave to withdraw the amendment.

Amendment 199 withdrawn.
Amendments 200 to 207
Moved by
200: Clause 68, page 66, line 25, leave out from “by” to “or” in line 26 and insert “any of Parts 1 to 7 or Chapter 1 of Part 9 of the Investigatory Powers Act 2016,”
201: Clause 68, page 66, line 28, at end insert—
“( ) Until the repeal of Part 1 of the Regulation of Investigatory Powers Act 2000 by paragraphs 45 and 54 of Schedule 10 to the Investigatory Powers Act 2016 is fully in force, subsection (3)(b) has effect as if it included a reference to that Part.”
202: Clause 68, page 67, line 18, leave out “Wales public authority” and insert “devolved Welsh authority”
203: Clause 68, page 68, line 21, leave out “Wales public authority” and insert “devolved Welsh authority”
204: Clause 68, page 68, line 38, leave out from “by” to “or” in line 39 and insert “any of Parts 1 to 7 or Chapter 1 of Part 9 of the Investigatory Powers Act 2016,”
205: Clause 68, page 68, line 41, at end insert—
“( ) Until the repeal of Part 1 of the Regulation of Investigatory Powers Act 2000 by paragraphs 45 and 54 of Schedule 10 to the Investigatory Powers Act 2016 is fully in force, subsection (13)(c) has effect as if it included a reference to that Part.”
206: Clause 68, page 69, line 25, leave out from “by” to end of line 26 and insert “any of Parts 1 to 7 or Chapter 1 of Part 9 of the Investigatory Powers Act 2016.”
207: Clause 68, page 69, line 26, at end insert—
“( ) Until the repeal of Part 1 of the Regulation of Investigatory Powers Act 2000 by paragraphs 45 and 54 of Schedule 10 to the Investigatory Powers Act 2016 is fully in force, subsection (9)(c) has effect as if it included a reference to that Part.”
Amendments 200 to 207 agreed.
Amendments 208 and 209 not moved.
Clause 68, as amended, agreed.
Clause 69: Disclosure by the Statistics Board to devolved administrations
Amendments 210 to 212
Moved by
210: Clause 69, page 72, line 23, at end insert “, or
( ) the Registrar General for Northern Ireland.”
211: Clause 69, page 73, line 16, leave out from “by” to “or” in line 17 and insert “any of Parts 1 to 7 or Chapter 1 of Part 9 of the Investigatory Powers Act 2016,”
212: Clause 69, page 73, line 19, at end insert—
“( ) Until the repeal of Part 1 of the Regulation of Investigatory Powers Act 2000 by paragraphs 45 and 54 of Schedule 10 to the Investigatory Powers Act 2016 is fully in force, subsection (10)(c) has effect as if it included a reference to that Part.”
Amendments 210 to 212 agreed.
Clause 69, as amended, agreed.
Amendments 213 to 213C not moved.
Amendment 213D
Moved by
213D: After Clause 69, insert the following new Clause—
“Creation of a digital system for lasting power of attorney
(1) The Secretary of State must by regulations make provision for a fully digital process to apply for and create a lasting power of attorney, and for the verification by appropriate bodies of attorneys appointed under this process.(2) Regulations under subsection (1) may in particular—(a) provide for the use of secure electronic signatures in place of any requirements for physical signatures;(b) use electronic online methods to verify the identify of donors and proposed attorneys, either in conjunction with or in place of electronic or physical signatures;(c) require at least one other person to be notified automatically when an application is made;(d) permit in-depth checking of selected applications; (e) require the involvement of a solicitor in the application process;(f) create an offence of knowingly or recklessly providing false information in relation to an application for a lasting power of attorney, subject to a maximum penalty on summary conviction of a term of imprisonment not exceeding six months;(g) provide for appropriate bodies to use secure online methods to verify the identity of an attorney or donor; and(h) cover both health and welfare lasting power of attorney, and property and financial affairs lasting power of attorney.(3) Regulations under this section must be made by statutory instrument and may not be made unless a draft of the instrument has been laid before and approved by a resolution of each House of Parliament.”
Baroness Finlay of Llandaff Portrait Baroness Finlay of Llandaff (CB)
- Hansard - - - Excerpts

My Lords I declare my interest as chair of the National Mental Capacity Forum, and in that role I have been working closely with the Office of the Public Guardian.

For some time the Public Guardian has wanted to move away from the wet signature requirement for the creation of lasting power of attorney for both health and welfare, and property and financial affairs decisions, as laid out in the Mental Capacity Act 2005. This amendment would allow that process to be purely electronic and carried out online, with the safeguards it outlines. A digital process should now be secure given the advances in technology since the original provision was made, and the amendment would simply allow the Secretary of State to make appropriate regulations rather than creating the process.

As the hour is late I am inclined to ask the Minister, if he has any reservations about this amendment and the powers it would give to the Secretary of State, to curtail the debate by meeting with me and the Public Guardian before Report. However, I am rather pre-empting the Minister’s decision. If he decides to accept my amendment, that would be just wonderful. I beg to move.

Lord Keen of Elie Portrait Lord Keen of Elie
- Hansard - - - Excerpts

My Lords, in view of the hour, it occurs to me that it would be appropriate to give a lengthy and detailed analysis of powers of attorney, and, indeed, to take us back to the Powers of Attorney Act 1971 and the subsequent developments of the law. Nevertheless, and despite the enthusiasm from the Opposition Benches, I am perfectly happy to accept the kind invitation advanced by the noble Baroness, Lady Finlay, and to meet with her to explain the Government’s position on this matter. I would be obliged if she could at this stage withdraw the amendment.

Baroness Finlay of Llandaff Portrait Baroness Finlay of Llandaff
- Hansard - - - Excerpts

My Lords, in light of the forthcoming meeting—which I am sure the Public Guardian will wish to join—I beg leave to withdraw the amendment.

Amendment 213D withdrawn.
House resumed.
House adjourned at 10.22 pm.