Read Bill Ministerial Extracts
Data Protection and Digital Information Bill Debate
Full Debate: Read Full DebateLord Davies of Brixton
Main Page: Lord Davies of Brixton (Labour - Life peer)Department Debates - View all Lord Davies of Brixton's debates with the Department for Science, Innovation & Technology
(1 year ago)
Lords ChamberMy Lords, I congratulate the noble Lord, Lord de Clifford, on his excellent maiden speech. I am sure that in this area and others he will be a valuable addition to the House.
One of the advantages of speaking towards the end of the debate is that much of what one could have said has already been said. I particularly enjoyed the speech from my noble friend Lord Knight of Weymouth highlighting the way in which the Bill is consistently behind the curve, always fighting the last war. To some extent, that is inevitable in a field like this, which is developing so rapidly, and I am not convinced that sufficient thought has been given to how developments in digital technology require developments in how it is tackled in legislation.
I think we will have an interesting Committee, in which I will participate as much as I can. The Minister will have a busy spring, with at least two major Bills going through. I hope the Whips have taken account of the number of concerns that have been expressed in this debate, and by external bodies, and that enough time will be allowed in Committee. A particular concern is the large number of amendments added at a late stage in the Commons, which have not had sufficient consideration. It will be our job to look at them in detail.
The proposal to allow the inspection of people’s bank accounts with no due cause is a matter of due concern, which has been mentioned by many people in this debate. I highlight the remarks of UK Finance, the representative body for the banking and financial sector. It says:
“These Department for Work and Pensions proposals have been suggested previously, but they are not part of the economic crime plan 2 or fraud strategy, which are the focus of industry efforts in terms of public-private partnership in tackling economic crime”.
UK Finance goes on to suggest that powers should be more narrowly focused, that they should not leave vulnerable customers disadvantaged—as would appear to be the case in the current drafting—and that further consultation is needed with consumer groups and charities to capture the wider needs of people affected by this proposal. It also suggests that the delivery time for this proposal should be extended even further into the future. For the benefit of the Minister, I shall just interpret that by explaining that what it is saying is, “We have no idea where this proposal came from. It has no part in the overall strategy that was being developed to tackle fraud and we want it pushed off into the indefinite future”—in other words, do not bother. Perhaps the Minister will listen to UK Finance.
I want to focus my remarks particularly on health and health data, which is a particular concern. It is so intimate and personal that it requires additional consideration. It is not just another piece of data; this goes to heart of who we are. The Government said in the context of the King’s Speech that this Bill has been written with industry and for industry. Well, quite. It is possible that some of the changes might result in less work for businesses, including those working in healthcare, but the danger is that the additional flexibility which is being proposed will in fact create additional costs because it is less clear and straightforward, there will be increased risks of disclosure of information that should not be disclosed, and the non-standardised regime will just lead to confusion.
Data regulation can slow down the pace of data sharing, increase people’s concerns about risk, and make research and innovation more difficult. Patients and the public generally quite rightly expect particularly high standards in this area, and I have concerns that this Bill makes the situation worse and that its influence is negative rather than positive. This is a danger, because it affects the public’s attitude to health and health data. If people are worried about the disclosure of their information, this impacts on them seeking and taking advantage of healthcare. That affects all of us, so it is not just a matter of personal concern.
One of the big arguments for the disclosure of health data is that it is available for scientific and developmental research. The need for this is recognised and there are additional safeguards. The UK Health Security Agency can reuse data that is collected by the NHS for the business of disease control, and that is something I am sure we all favour. However, the concept that any data can be reused for scientific purposes has grave dangers, particularly when this Bill fails to define tightly enough what the scientific and developmental research amounts to. The definition of scientific research here appears to apply to commercial as well as non-commercial outfits, whether it is funded publicly or is a private development. This is the sort of concern that we are going to have to tackle in Committee to provide people with the protection that they quite rightly expect.
If we look in more detail at health data, we see that it is protected by the Caldicott principles for health and social care data. It is worth reading the eight principles. The first sets the scene. It says, in the context of social care:
“Every proposed use … of confidential information should be clearly defined, scrutinised and documented, with continuing uses regularly reviewed by an appropriate guardian”.
This Bill is in grave danger of moving beyond that level of protection, which has been agreed and which people expect. People want and expect better regulation of their personal data and more say over what happens to it. This Bill moves us away from that.
It is worth looking in this context at the views of the BMA, which is particularly concerned about health data. It emphasises the fact that the public expect high standards and calls on this House to challenge what it regards as the “problematic provisions” and to seek some reassurance from the Government. I will list what the BMA regards as problematic provisions and why it does not like them: Clause 11, which erodes transparency of information to data subjects; Clauses 32, 35, 143 and 144, which risk eroding regulatory independence and freedom; Clause 1, which risks eroding protections for data by narrowing the definition of “personal data”; Clause 14, which risks eroding trust in AI; Clause 17, which risks eroding the expertise and independence of organisational oversight; and Clauses 20 and 21, which risk eroding organisational data governance. We will need to explore all of these issues in Committee. The hope is that they will get the attention that they deserve.
When it comes to medical data, there is an even stronger case, which the Bill needs to tackle straight on, around people’s genetic information. This is the holy grail of data, which people are desperate to get hold of. It says so much about people, their background and their experiences. We need a super level of protection for genetic data. Again, this is something that needs to be tackled in the Bill.
There are other issues of concern that I could mention—for example, the abolition of the Biometrics Commissioner and Surveillance Camera Commissioner. This is a point of particular concern, raised by a number of bodies. It is quite clear that something is being lost by moving these over to a single commissioner. There is a softer power held by the commissioners, which, to be honest, a single commissioner will not have the time or the bandwidth to deal with.
There is also concern that there needs to be explicit provision in the Bill to enable representative bodies, such as trade unions and commercial organisations, to pursue complaints and issues of concern on behalf of individuals. The issue of direct marketing, particularly of financial services, needs to be addressed.
So there is lots to do on this Bill. I hope the Minister recognises that, at this stage, we are just highlighting issues that need to be looked at in detail, and that time will be provided in Committee to deal with all these issues properly.
Data Protection and Digital Information Bill Debate
Full Debate: Read Full DebateLord Davies of Brixton
Main Page: Lord Davies of Brixton (Labour - Life peer)Department Debates - View all Lord Davies of Brixton's debates with the Department for Science, Innovation & Technology
(9 months ago)
Grand CommitteeMy Lords, I rise to speak in favour of Amendments 1 and 5 in this group and with sympathy towards Amendment 4. The noble Lord, Lord Clement-Jones, will remember when I was briefly Minister for Health. We had lots of conversations about health data. One of the things we looked at was a digitised NHS. It was essential if we were to solve many problems of the future and have a world-class NHS, but the problem was that we had to make sure that patients were comfortable with the use of their data and the contexts in which it could be used.
When we were looking to train AI, it was important that we made sure that the data was as anonymous as possible. For example, we looked at things such as synthetic and pseudonymised data. There is another point: having done the analysis and looked at the dataset, if you see an identifiable group of people who may well be at risk, how can you reverse-engineer that data perhaps to notify those patients that they should be contacted for further medical interventions?
I know that that makes it far too complicated; I just wanted to rise briefly to support the noble Lord, Lord Clement-Jones, on this issue, before the new rules come in next week. It is essential that the users, the patients—in other spheres as well—have absolute confidence that their data is theirs and are given the opportunity to give permission or opt out as much as possible.
One of the things that I said when I was briefed as a Health Minister was that we can have the best digital health system in the world, but it is no good if people choose to opt out or do not have confidence. We need to make sure that the Bill gives those patients that confidence where their data is used in other areas. We need to toughen this bit up. That is why I support Amendments 1 and 5 in the name of the noble Lord, Lord Clement-Jones.
My Lords, anonymisation of data is crucially important in this debate. I want to see, through the Bill, a requirement for personal data, particularly medical data, to be held within trusted research environments. This is a well-developed technique and Britain is the leader. It should be a legal requirement. I am not quite sure that we have got that far in the Bill; maybe we will need to return to the issue on Report.
The extent to which pseudonymisation—I cannot say it—is possible is vastly overrated. There is a sport among data scientists of being able to spot people within generally available datasets. For example, the data available to TfL through people’s use of Oyster cards and so on tells you an immense amount of information about individuals. Medical data is particularly susceptible to this, although it is not restricted to medical data. I will cite a simple example from publicly available data.
My Lords, I will be brief because I associate myself with everything that the noble Baroness, Lady Kidron, just said. This is where the rubber hits the road from our previous group. If we all believe that it is important to maintain children’s protection, I hope that my noble friend the Minister will be able to accept if not the exact wording of the children-specific amendments in this group then the direction of travel—and I hope that he will commit to coming back and working with us to make sure that we can get wording into the Bill.
I am hugely in favour of research in the private sector as well as in universities and the public sector; we should not close our minds to that at all. We need to be realistic that all the meaningful research in AI is currently happening in the private sector, so I do not want to close that door at all, but I am extremely uncomfortable with a Secretary of State having the ability to amend access to personal data for children in this context. It is entirely sensible to have a defined code of conduct for the use of children’s data in research. We have real evidence that a code of conduct setting out how to protect children’s rights and data in this space works, so I do not understand why it would not be a good idea to do research if we want the research to happen but we want children’s rights to be protected at a much higher level.
It seems to me that this group is self-evidently sensible, in particular Amendments 8, 22, 23 and 145. I put my name to all of them except Amendment 22 but, the more I look at the Bill, the more uncomfortable I get with it; I wish I had put my name to Amendment 22. We have discussed Secretary of State powers in each of the digital Bills that we have looked at and we know about the power that big tech has to lobby. It is not fair on Secretaries of State in future to have this ability to amend—it is extremely dangerous. I express my support for Amendment 22.
I just want to say that I agree with what the previous speakers have said. I particularly support Amendment 133; in effect, I have already made my speech on it. At that stage, I spoke about pseudonymised data but I focused my remarks on scientific research. Clearly, I suspect that the Minister’s assurances will not go far enough, although I do not want to pre-empt what he says and I will listen carefully to it. I am sure that we will have to return to this on Report.
I make a small additional point: I am not as content as the noble Baroness, Lady Harding of Winscombe, about commercial research. Different criteria apply; if we look in more detail at ensuring that research data is protected, there may be special factors relating to commercial research that need to be covered in a potential code of practice or more detailed regulations.
Data Protection and Digital Information Bill Debate
Full Debate: Read Full DebateLord Davies of Brixton
Main Page: Lord Davies of Brixton (Labour - Life peer)Department Debates - View all Lord Davies of Brixton's debates with the Department for Work and Pensions
(8 months ago)
Grand CommitteeMost of what needed to be said has been said excellently and clearly by the other speakers. I have just three specific questions that I urge the Minister to answer. However, an important point of context needs to be made first on the opposition of the finance industry to these proposals. It is clear and unambiguous. It could be thought that the finance industry just does not want to bothered and does not care about fraud, but in fact it is making the point that the Government have failed to come up with an overall fraud strategy. This is just a one-off idea thrown up. Some bright spark thought, “Well, we could put this into the Bill. We’ve always wanted to have this sort of overweening power. Let’s shove it in here and hope no one notices”. We need a proper fraud strategy, as other speakers have said. We lose a lot of money to fraud, so none of us are against appropriate measures to deal with it, but this is a one-off, completely ill-timed and ill-thought-out addition to the state’s powers.
I turn to my three questions. First, I have no doubt that the Minister has a predisposition to oppose the state being able to interfere in our private information—I do not doubt that that is his starting point in these discussions. The problem with this proposal is that there is no way of ring-fencing the information required for the purposes of the DWP from all the other information that is disclosed by looking at someone’s bank account. Their whole life can be laid out in their bank account and other statements. You cannot ring-fence the necessary information. This is a widespread, total intrusion into people’s privacy. Does the Minister accept that there is no way of ring-fencing the information required for the purposes of the DWP from all the other information that is available from looking at someone’s bank account?
Secondly, I have several times heard the Minister discuss improving take-up of pension credit. Does he believe that this will encourage people to claim the pension credit to which they are entitled? It will clearly discourage them. Has this been properly assessed? We know that one big reason why people do not claim pension credit is the state’s intrusion into their private affairs. People do not like it. For some people, seeing an extension of the state’s ability to intrude into their private affairs will discourage them from applying. As I say, the Minister has rhetorically encouraged people to claim their pension credit; in practice, this proposal will discourage people. Does he accept that?
Thirdly, we have three debates on this issue and I think this question may arise more in the next group, but I will ask it now, so that I can come back and ask it again later. People have referred to claimants, but this also covers the state pension. It is possible to defraud the state pension, but it is nevertheless an income. Pension or income—whatever you call it; I do not think we should get too hung up on the vocabulary—it is paid as a right and people are entitled to these benefits.
One of the other theories about our state system is about identical benefits. Some people, like me, who have never been contracted out of the state scheme, have a full state pension, but a lot of people were contracted out into private schemes and personal pensions. Now, because I have that state pension, the state can intrude into my bank account. The state is paying me the pension; it can look at my bank account under these provisions.
However, if my pension were payable by Legal & General Assurance Society or the BP pension fund, they would not have the right to demand access to my bank accounts. I am just pointing out that we would react in horror if this Act gave power to the BP pension fund to trawl through my bank accounts. We would react in horror if we were giving power to Legal & General Assurance Society to go through my bank accounts, yet the Government believe that the state should have this overweening power. Does the Minister accept that and does he think that it is wrong?
No. With respect, I am talking about Justice, which I think referenced 40 organisations. There was no list of what those organisations are in the information it sent me. There is also Big Brother Watch and many others.
I just think that everyone needs to take, if I may use the word, a proportionate approach to this. We are talking about tackling a really serious offence. I think all noble Lords agree that we have to tackle fraud but I am sure, and hope, that my noble friend can reassure everybody. The current powers that the DWP has to ensure benefit correctness are mostly over 20 years old. Over that time, fraud has evolved and become increasingly sophisticated. The system currently relies on self-verification for many factors, and that is one of the issues. I know it would sound so much better if people could find another way to check whether someone is being honest about their assets, but the problem is that a lot of this is to do with self-verification.
The suggestion was made that this was carefully thought out and part of a long-term plan. Can the noble Baroness therefore explain why it was introduced into the Bill at such a late stage in going through the Commons, such that it did not receive any worthwhile consideration at all there?
I am sure my noble friend the Minister can talk about the particular timing of why it went into this Bill. Certainly in my time at DWP, the difficulty we had was finding the right Bill that we could add it to. This is one of the things that is really hard about being a Minister: you cannot just say, “This is something we have to do”. You have to find a route—like finding a route to market—to include a measure in a Bill that is relevant. This Bill is entirely relevant in terms of where we are now on data collection. The Minister and his team were right to choose this particular Bill.
I could go on.
My Lords, in relation to the excellent speech of the noble Baroness, she mentioned “personal” accounts. I would like to double-check that business accounts, charitable accounts and other accounts that have one’s name or one’s partner’s name on, or are connected, do not go on ad infinitum.
Because of the way the amendments are grouped, I have the opportunity to repeat my questions. The first one is relatively straightforward. Does the Minister accept that introducing these provisions—obviously we are talking about Amendment 234 on pensions—will discourage people from claiming pension credit? Despite all the efforts of the Government to encourage people to claim pension credit, clearly this will discourage them. Have the Government made any effort to estimate what impact this will have? Obviously, it is a very difficult task, but have they thought about it and does the Minister accept that it will have a deterrent effect.
My second question relates to the issue I have already raised. The state pension or state pension equivalent is paid by the state, by a pension fund or by a personal pension provider. Does the Minister think it odd that there is a difference in treatment? Everyone is receiving their pension from the state, but with a person who receives their pension from a private pension scheme or personal pension provider there is not the same right to look at their bank accounts in relation to those benefits. Now I am not advocating that as a solution. The question is: does this not indicate the illogicality and extent of the Government’s powers over some people’s incomes that they do not have over other types of income? To me, particularly when it comes to the payment of a pension—a benefit paid as of right—this discontinuity points to the extent of the Government’s overreach.
My Lords, I must begin by joining the general applause for the characteristic tour de force from the noble Baroness, Lady Sherlock. I was having a flashback because it was the noble Baroness in debate on what is now the Pension Schemes Act 2021 who taught me how to cope with Committee stage very kindly a long time ago —and we are very used to that. I rise briefly to address this group, but I start by saying in relation to the last group that I entirely agree with the proposition that Clause 128 should not stand part: the spying clause should not be part of the Bill.
I have a couple of points to make on the amendments in this group, one of which was raised by the noble Lord, Lord Clement-Jones, on the last group and is about protecting the Government from themselves. The amendments put down by the noble Baroness, Lady Sherlock, are probing. However, if we were to restrict the Government’s use of these powers, they might end up at a vaguely manageable scale. It is worth raising that point when we look at these groups.
That point is very much noted. I will certainly take it back. Clearly, we need to provide greater reassurance on the limits and scope, as well as on what we are trying to do. I regret that I am not able to give those answers in full to the Committee now but I hope that, today, I have already taken us further forward than we were before we started. That is quite an important point to make.
I shall touch on the benefits that are in scope of this measure, a point that was raised by the noble Baroness, Lady Sherlock. I think the noble Baroness wishes to restrict the power to working-age benefits, but pension-age benefits are not immune to fraud and error—I wanted to address that—and it is our duty to ensure that these benefits are paid correctly and in line with the benefit eligibility rules that Parliament has previously agreed. Every payment that the DWP makes has eligibility criteria to it. Parliament has considered these criteria in the passage of the relevant social security legislation, and the Government have a responsibility to check that payments are being made in line with those rules so that taxpayers’ money is spent responsibly.
Pension benefits other than pension credit have eligibility criteria attached, but I do not know any eligibility criteria applying to pensions that you could discover from someone’s bank account.
The example that the noble Lord will be aware of links to what the noble Lord, Lord Sikka, was saying about some pensioners who have moved abroad but, for whatever reason, have not told us that they have done so and continue to receive the uprating. The figure for the fraud aspect—or it could be error—linked to state pensions is £100 million.
Presumably the DWP already knows the address of the bank account to which an overseas pension is being paid. Why does it need to know any more?
My understanding is that it needs to have these powers to be able to cover the ground properly. I say again that these powers are limited, and whatever comes from the data that is requested from the third parties will end up being, we hope, limited. Even then, it may not be used by us because there is no need to do so.
The power covers all relevant benefits, grants and other payments set out in paragraph 16 of new Schedule 3B to the Social Security Administration Act 1992, as inserted by Schedule 11 to the Bill. To remove pension-age payments from the scope of the power would significantly undermine our power to tackle fraud and error where it occurs. Pension-age payments are not immune to fraud and error, as I have mentioned. I will give an example of that. The noble Baroness, Lady Sherlock, asked whether people would be notified of their bank accounts being accessed.
Data Protection and Digital Information Bill Debate
Full Debate: Read Full DebateLord Davies of Brixton
Main Page: Lord Davies of Brixton (Labour - Life peer)Department Debates - View all Lord Davies of Brixton's debates with the Department for Science, Innovation & Technology
(8 months ago)
Grand CommitteeMy Lords, I apologise to the Committee that duties elsewhere in the House prevented me from attending the last two debates on Monday and so from speaking to the amendments that I had tabled and signed. However, I have read the Official Report with care.
I cannot pretend to be a data protection nerd, or even a social security nerd, like some speakers in those debates, but I hope that I pass muster as a surveillance nerd, having written for the Home Secretary two of the reports that informed the Investigatory Powers Act 2016 and, more recently, a report that informed the Investigatory Powers (Amendment) Bill, which I see is to be given Royal Assent tomorrow.
I support all the amendments in the name of the noble Baroness, Lady Sherlock, in this group. Of course there must be a code of practice. Of course it must be consulted on and scrutinised. I would add that that of course we could not contemplate passing this schedule into law until we have seen and studied it. An annual report of the sort that accompanies the reasonable suspicion power to issue financial institution notices, exercised by HMRC under Schedule 36 to the Finance Act 2008, would also be useful. For example, it is from the last of those reports, dated January 2024, that I learned that these reasonable suspicion tax information powers were now being used to obtain location data—something that it had previously been said would not be done.
Dan Squires, one of the authors of the legal opinion that I know was referred to on Monday, is not only a King’s Counsel but a deputy High Court judge and a genuine expert in this area. He and his junior, Aidan Wills, point in that opinion to the personal nature of some of the data that could be harvested under the proposed power and advise that Schedule 11 does not come close to the safeguards required for compliance with Article 8. They refer in particular to the striking lack of clarity about the grounds on which and the circumstances in which the proposed power can be used, as well as to the absence of both independent authorisation and independent oversight. They point out that, although saving up to £600 million over five years is a very important objective, it weighs no more heavily—indeed, probably less heavily—than the normal justifications for obtaining information in bulk: protecting national security and the prevention and detection of serious crime. Their opinion is well referenced, persuasive and consistent with the view on proportionality expressed by both the Information Commissioner and the Constitution Committee, on which I sit.
On Monday, the Minister referred to the power in Schedule 23 to the Finance Act 2011 to obtain certain data items from particular classes of data holder—for example, employers and land agents. So I had a look at that schedule and the data-gathering regulations under its paragraph 1. The power would appear to apply only to certain tightly defined items, such as payments made by the employer or arising from use of land. There would appear to be a noticeable contrast with location data, personal spending habits and so on, which fall within the scope of the powers in this schedule, as they are written in the Bill. Both HMRC and the Home Office operate under powers tightly defined in legislation. Assurances that those powers will be used in a restrained way, as Justice has commented in its useful briefing on the Bill, simply do not cut it. I am afraid that the law requires the DWP to be subject to the same constraints.
I am concerned: concerned that this important new power was not subject to detailed consultation or even to scrutiny by a Commons Bill Committee, where useful evidence could have been heard; concerned that it could even have been contemplated that so vague a power might be in the Bill and not accompanied by a code of practice; concerned about the absence of an independent approval and oversight mechanism, equivalent to the Office for Communications Data Authorisations and the Investigatory Powers Commissioner’s Office; and concerned that, if we do not get this potentially valuable power right from the start, it will immediately be subject to legal challenges, which will swiftly render it unusable.
If, as I believe, Schedule 11 is currently unfit for purpose, is there time to rescue it? I have a couple of practical suggestions. First, I saw the investigatory powers unit from the Home Office when it happened to be in the House yesterday, and I wondered if there might be utility in it comparing notes with the Bill team about these types of powers and their attendant safeguards.
Secondly, I hope the Government appreciate the significance—at least to us nerds in the Committee—of the legal analysis of Dan Squires KC and Aidan Wills. If we are to be told that it is mistaken, which would certainly be unusual, I for one would like to see that backed up by an opinion from a lawyer of equivalent stature, whether at the GLD or independent counsel, explaining precisely and persuasively why Mr Squires and Mr Wills are wrong. Otherwise, and without significant change of the type identified in the opinion, I am afraid I am not inclined to give this schedule the benefit of the doubt.
I signed up to the stand part notice of the noble Baroness, Lady Kidron, thinking it would at least be a platform to think about what amendments to the schedule might be needed. The more I read the schedule and the more I hear about it, the more I am driven to the conclusion that, if we do not see substantial change, opposing the schedule may be the way that we have to go at the next stage.
In the two previous groups, I raised pension credit, and it is notable that the noble Viscount the Minister has not responded on that point. As such, my automatic assumption is that he believes that the implementation of these powers will deter people from seeking pension credit, which is contrary to the Government’s declared policy to encourage people. I mention that in passing, given this opportunity.
My other moan is about the impact assessment; there is none. I do not like the impact assessment that we have. It is a totally impenetrable and meaningless document, which is clearly there just as a matter of form rather than as a serious attempt to try to inform participants in these debates about what is in the Bill and what impact it will have on people and organisations.
My specific points are broadly in line with the points raised by UK Finance, the overall organisation for financial organisations, including banks and insurance companies, which continues to have serious concerns about these provisions. I think we should listen carefully to what it says. In particular, if we are going to have these powers then, in line with the amendments tabled by my noble friend Lady Sherlock, we have to make sure that they are introduced in an effective way that appreciates the vulnerabilities of customers.
That is correct. I hope indeed that it provides some reassurance that extending it to the banks and financial institutions initially is deliberately designed to be narrow. It would be subject to both Houses to debate other areas beyond those. I am coming on to address that. The noble Baroness asked about phone companies. Simply put, we will be able to designate the third parties that fit within the provisions of this legislation where they hold information that would help us to verify whether someone meets the eligibility criteria for the benefit that they are receiving. However, ultimately, it would be for Parliament to decide whether a third party can be designated under this power, as we must bring affirmative regulations forward to do this. We have that power.
To be clear, they already have some information about claimants or recipients. Does this Bill make any difference to that information? Can they already use the information that they have for these purposes, for example the name and address of a claimant’s bank account, or does this Bill extend the use of information to other information that they already have?
Indeed, that is correct. I hope that is helpful and gives the noble Lord reassurance. To clarify, we have our normal business-as-usual processes so, where we are able to—with the restriction of not at present being able to use the banks and financial institutions as a conduit—we have those powers. However, obviously, as has been made clear by the ICO, there is no alternative to needing the help of banks and financial institutions to go further in tackling the ever-greater sophistication of fraud.
The noble Baroness, Lady Sherlock, asked whether we could issue an AIN to a bank other than that into which the benefit is paid. The answer is no. The power is exercisable only in respect of a matching account that meets the criteria in an AIN and receives a benefit payment. If this is not the case, the Secretary of State cannot require them to supply that information.
When it comes to issuing an AIN, DWP will be able to exercise these powers only for payments for which it is responsible. This means that DWP cannot exercise this power with some benefits that fall under the legislation, such as child benefit, as was mentioned on Monday. I know that the noble Baroness, Lady Sherlock, raised this issue. As I committed to do on Monday, I will provide in writing more detail on the scope of the measure and on these limitations, which will require more time.
I will also ensure that my letter is clear on how the measure will impact appointees, joint claims and other such accounts. I am well aware that a number of questions were asked about this matter on Monday but, in the interests of time, I will move on.
I turn to proofs of concept. I also want to speak about our approach to delivery, in particular how we plan to test delivery before we gradually scale up operational delivery; I am aware of the time, but I hope that the Committee will indulge me. Our planned period of “test and learn” will build on our learning from our two previous proofs of concept, which we conducted in 2017 and 2022. These demonstrated the effectiveness of this approach and contributed to the OBR’s certification that the measure will save up to £600 million over the next five years.
The two proofs of concept that I mention are important. I hope that the Committee will be interested to read the results, which demonstrate why we need to do this. Without further ado, let me say that I will set out the details of these two examples in the letter as well, which will, I hope, be helpful.
The noble Lord, Lord Vaux, who is in his place, the noble Lord, Lord Clement-Jones, and the noble Baroness, Lady Sherlock, spoke about the regulatory impact assessment on Monday. I just want to use this time to reassure them on that. More information on these proofs are contained within the RIA, which was, as noble Lords will know, green-rated by the RPC.
On “test and learn”, we have a clear view on how this power may work. We are already working with third parties in readiness to commence the formal “test and learn” period in early 2025 and preparing the code of practice in advance of that. I will come on to that in just a second—in fact, I will come on to it right now, given the time. I shall refer to Amendments 225 to 232 in the name of the noble Baroness, Lady Sherlock.
To support the delivery of this measure, we will produce the code of practice to help define how the measure will work, with explanations. I assure the noble Baroness and the Committee that the code of practice is already in development; we are working positively with around eight leading financial institutions through an established working group that meets regularly to shape the code. We are fully committed to continuing that work; I think I covered the timing of that earlier in my remarks. Accepting Amendments 225 and 226 in the name of the noble Baroness would therefore, we believe, have minimal effect. I am clear that DWP will produce a code of practice, which will be consulted on; I have also set out the sort of detail that it will contain. Accepting them may also potentially restrict our ability to develop the code of practice further as we understand more from “test and learn”.
Because we are developing this collaboratively with banks, I am not yet in a position to share the draft code, as I mentioned; I have given certain reassurances on that. However, I can say that it will provide guidance on issues such as the nature of the power and to whom it will apply. It will also provide information on safeguards, cover data security responsibilities and provide information on the appeals processes should a third party wish to dispute a request. We will engage with SSAC, to help the noble Baroness, Lady Sherlock, as we bring forward the affirmative regulations. On balance, I believe that the best course is to consult on the code of practice rather than rushing to define it now.
No, indeed, it is a deeply serious point. I do not know the number off the top of my head but there are a number of deaths every year as a result of these things.
As I was saying, a thorough impact assessment was undertaken for the NUAR measures, which received a green rating from the Regulatory Policy Committee. Impacts on organisations that help facilitate the exchange of data related to assets in the street were included in the modelling. Although NUAR could impact existing utility—
I cannot resist drawing the Minister’s attention to the story in today’s Financial Times, which reports that two major water companies do not know where their sewers are. So I think the impact is going to be a little bit greater than he is saying.
I saw that story. Obviously, regardless of how they report the data, if they do not know, they do not know. But my thought was that, if there are maps available for everything that is known, that tends to encourage people who do not know to take better control of the assets that they manage.
A discovery project is under way to potentially allow these organisations—these alternative providers—to access NUAR data; LSBUD has been referenced, among others. It attended the last three workshops we conducted on this, which I hope could enable it to adapt its services and business models potentially to mitigate any negative impacts. Such opportunities will be taken forward in future years should they be technically feasible, of value, in the public interest and in light of the views of stakeholders, including asset owners.
A national underground asset register depends on bringing data together from asset owners on to a single standardised database. This will allow data to be shared more efficiently than was possible before. Asset owners have existing processes that have been developed to allow them to manage risks associated with excavations. These processes will be developed in compliance with existing guidance in the form of HSG47. To achieve this, those working on NUAR are already working closely with relevant stakeholders as part of a dedicated adoption group. This will allow for a safe and planned rollout of NUAR to those who will benefit from it.