HC Deb 19 February 1990 vol 167 cc721-52 7.37 pm
The Parliamentary Under-Secretary of State for the Home Department (Mr. Peter Lloyd)

I beg to move,

That the draft Data Protection (Regulation of Financial Services etc.) (Subject Access Exemption) (Amendment) Order 1990, which was laid before this House on 30th January, be approved.

Before discussing the reasons for the order, I should like to say a little about the Data Protection Act 1984, under which the order will be made. The Act has its origins in the 1981 European convention for the protection of individuals with regard to the automatic processing of personal data.

When the Act came fully into force on 11 November 1987, we were able to ratify the convention. The convention and the Act balance the duties of data users—that is, those who hold and process personal data on computers—with protection for data subjects—those about whom the data are held.

Data users have an interest in the legislation, because compliance with the convention enables transfer of data to and from other ratifying countries without artificial obstruction; and data subjects benefit from the protection and the rights given to them under the Act. The legislation was enacted in July 1984, and Mr. Eric Howe became the Data Protection Registrar. Mr. Howe was recently reappointed for a further five-year term. The registrar is independent of Government and reports directly to Parliament: his fifth annual report was published in July 1989.

The main duties of the registrar are to maintain a public register of data users to ensure registration by those data users, to promote observance of the data protection principles set out in the schedule to the Data Protection Act 1984; to give advice and guidance on good practice; to consider complaints, and generally to enforce the Act. With around 130,000 registered data users and hundreds of millions of automated personal data files, and new situations and issues arising every day, that is a substantial task. I should like to take this opportunity to thank Mr. Howe for the way in which he and his office have carried out their duties under the Act.

In addition, I should say that the working of the Act is being reviewed by an interdepartmental committee chaired by the Home Office with representatives from the Department of Trade and Industry and the Department of Employment and with the Data Protection Registrar as adviser. The terms of reference of the committee are as follows: to review the implementation of the Data Protection Act, particularly with regard to the impact on data users of registration requirements; and to make recommendations. The review was occasioned by the Government's deregulation policy and concern among data users about administrative burdens arising from the Act. The committee hopes to report to my right hon. and learned Friend the Home Secretary fairly soon, but obviously I cannot say what its recommendations might be.

Mr. Steve Norris (Epping Forest)

As a result of the review, will one of the options be the scrapping of the bureaucratic machinery by which privileges under the Data Protection Act are maintained? Surely my hon. friend agrees that it represents a considerable administrative operation involving many staff and a great deal of money. There is a respectable school of thought that believes that all that is needed in the circumstances is the basic legislation and the right of access to the courts. In that event there would be an opportunity to save a great deal of public money and to provide a more realistic framework of protection.

Mr. Lloyd

We are having the review because we want to ensure that the Data Protection Act does not merely do its job, but does it in a manner that results in the least burden on industry and on data users, while maintaining the protection that data subjects have a right to expect. The purpose of the committee is to go as far as my hon. Friend the Member for Epping Forest (Mr. Norris) wants to go, subject to the protection that data subjects should have under the Act, which it was designed to give them.

The order needs an affirmative resolution in both Houses if it is to come into effect. The Data Protection Act gives subject access rights to individuals. That means that they have a general right of access to automated personal data held on them by a registered data user. But there are exemptions, so that, for example, personal data held for the purposes of prevention or detection of crime are exempt if allowing access would be likely to prejudice that purpose.

The Act also enables the Secretary of State to make certain further exemptions by order. Hon. Members may remember that we debated four such orders on 3 November 1987; an account of those debates may be found at columns 885 to 905 of the Official Report. One of them was the Data Protection (Regulation of Financial Services etc.) (Subject Access Exemption) Order 1987, made on 9 November 1987 under section 30(2) of the Act. It exempted data held for the purpose of regulating financial services from the subject access provisions of the Data Protection Act. The reason for the exemption is that, without it, a data subject could discover what information regulators held about him and thus frustrate the detection or investigation of his malpractice and potential court proceedings.

While the protection of data subjects is very important and indeed at the heart of this legislation, should not their rights be overriding in all cases. In this particular case, Parliament considered that the interests of others—for example, those damaged by the suspected malpractice—must prevail.

The order amends the 1987 order in the light of sections of part III of the Companies Act 1989, which will come into force on 21 February, and of part VIII of that Act, which it is proposed should be brought into force on 15 March.

Mr. John Butterfill (Bournemouth, West)

What will be the effect of the order on data held about patients by the National Health Service? Will such patients be protected adequately, and will the concerns expressed by the medical profession be met?

Mr. Lloyd

The order will have nothing to do with those categories, because we are discussing delegated legislation as a result of the Companies Act 1989 rather than legislation pertaining to data held on patients or other individuals in other sectors. As my hon. Friend knows, some private Members' legislation on that matter made such data more available to the individual concerned. It is to that and any subsequent legislation that my hon. Friend should look in this instance.

The order brings the 1987 order into line with new powers in the Companies Act 1989. First, while the Companies Act 1985 enabled the Secretary of State to require production and explanation of a company's records, the Companies Act 1989 allows competent persons other than departmental officials to carry out such inquiries. That will enable the Secretary of State to bring in special expertise in increasingly complex cases and will give more flexibility to cope with sudden increases in work load.

Secondly, the 1989 Act will enable the Secretary of State to assist overseas regulators in the company law, financial services and insurance spheres by investigating in the United Kingdom on their behalf. The new power will protect United Kingdom investors by helping overseas regulators who are investigating wrongdoings that may have been perpetrated by persons who, undetected, would subsequently be free to carry on investment business into or in the United Kingdom. It will also help our investigators to gain reciprocal assistance from overseas regulators, particularly those who already have compulsory investigation powers that can be used on behalf of overseas regulators—for example, the United States Securities and Exchange Commission.

The new power is thus a response to the current and expected sophistication and internationalisation of markets with transactions straddling one or more national borders.

Mr. Butterfill

My hon. Friend will remember that, when we discussed the Financial Services Act 1986, considerable concern was expressed about the need for confidentiality in some areas. There was particular concern that some institutions in London, which relied upon confidentiality for their investors, should not have their legitimate interests prejudiced in a way that affected the viability of the London market and encouraged people to place their business outside London. Is my hon. friend satisfied that the order will not be a licence for overseas investigators to come in and look at everything that is going on, to the detriment of our market?

Mr. Lloyd

My hon. Friend is right to be concerned. The order does not make it mandatory upon the Secretary of State to provide the information for which he is asked by an overseas agency or country, but it empowers him to transfer that information, when he thinks there is good reason, to countries that have also signed the convention—it has similar rules to the Act that we brought in. I am certain that we have the necessary safeguards and that the Secretary of State will not exercise his right to transfer that information without good reason.

To unravel a suspected breach of the law, regulators frequently and increasingly find it necessary to trace transactions to all the countries to which they have ramified.

Thirdly, part VIII of the Companies Act makes various amendments to the Financial Services Act 1986. Most of them relate to the powers of the Securities and Investments Board, which exercises powers under the Financial Services Act transferred by the Secretary of State. As Parliament recognised in approving the 1987 order, it may be essential for the effective operation of a regulator such as the board that individuals on whom data are held are not able to have access to those date.

Part II of the schedule to the order therefore updates the 1987 order to take account of modified or new functions under the amended Financial Services Act. In particular, the Companies Act amendments confer new powers to issue statements of principle and codes of practice to designated rules as applying directly to members of a self-regulating organisation recognised by the Securities and Investments Board and to use the enforcement powers in the Financial Services Act to assist an overseas regulator.

Mr. Butterfill

Does my hon. Friend realise that one of the criticisms levelled at the way in which the Financial Services Act operates in practice has been that it has led to an enormous increase in regulations and, therefore, a huge increase in the cost of compliance for companies operating in London? Many of those companies feel that it has led them to be less competitive internationally. Is my hon. Friend happy that the increased number of regulations required by the order will not inhibit our domestic market?

Mr. Lloyd

The Financial Services Act is not a matter for me and is certainly beyond the scope of our discussions tonight. The order does not give extra work to companies, but it gives the Secretary of State more freedom to make the investigations that he is already empowered to make and to transfer information abroad under conditions that are in our interests. It does not create any new burdens for the City, industry or any other data user.

The principles, designated rules and codes of practice provide the primary regulator with more flexibility in regulating the carrying on of investment. The order is not controversial. It has been the subject of detailed discussion between my Department and the other Departments in Whitehall with the main interest in its subject matter. As the Act requires, the Data Protection Registrar has also been consulted and is content with the order. Therefore, I happily commend it to the House.

7.53 pm
Mr. Stuart Randall (Kingston upon Hull, West)

The order is complicated and an example of how not to draft legislation. I refer specifically to part II of the schedule. I have spoken to a few people today, none of whom seems to understand what this is about. I appreciate the Minister's explanation, which has helped considerably. In the explanatory note, only two full lines are devoted to part II. If we are to produce such orders in future, the House should be given a proper explanatory note so tha.t we understand what we are dealing with.

As the Minister said, the order deals mainly with consequential amendments emerging from the Companies Act 1989. It extends the list of functions in the Data Protection (Regulation of Financial Services etc.) (Subject Access Exemption) Order 1987, which is embraced by section 30 of the Data Protection Act. This means that individuals will be further denied access to computer files containing information about them. In losing that liberty, individuals give authorities the opportunity to identify fraud and maladministration in the financial services industry.

The Government will claim that they have got the balance right between these two aspects, and are minimising individuals' loss of liberty against the broader benefit of stamping out maladministration. How do we know that that is so? How can we be sure that the Government are not erring on the side of oppression—a strong word, but one which serves in tonight's debate?

Mr. Butterfill

I do not know whether, in his constituency, the hon. Gentleman has experienced the same as I have in Bournemouth, West. There, a large number of investors in Barlow Clowes thought that they had lost their entire life savings. Only the generosity of the Government has enabled them to recover most of them, and I am grateful to my hon. Friend the Minister for that. Surely the hon. Member for Kingston upon Hull, West (Mr. Randall) would accept that such fraud is sufficiently serious to warrant this order—indeed, makes it essential.

Mr. Randall

I fail to see the logic of that. We all have constituents who have been affected by Barlow Clowes. However, a balance must be struck. We must ensure that people have access to files about themselves. The order would prevent people from having access to those files so that the Department of Trade and Industry could carry out investigative work and not be impaired by people making public information that would create difficulties for the DTI. I fear that the Government are erring on the side of oppression—I use that word intentionally, because it illustrates my point.

It is exceedingly difficult to establish whether the balance is right. Why are the exemptions under section 30 of the Data Protection Act 1984 so extensive? The 1987 order, or the 1987 version of what we are discussing—now we have the television cameras on us, the public can see the scale of it—

Mr. Irvine Patnick (Sheffield, Hallam)

It is small print.

Mr. Randall

The Government Whip, who should be silent, says that it is small print. He strengthens my argument: the print is small and we can see the extent to which people's freedom of access to files has been limited. Why are the exemptions so extensive? For example, why, under the 1987 order, do the Bank of England's functions result in limiting individuals' access to their personal files? Why is that necessary? Why are the functions in relation to the certification of directors restricted?

Some people might say that there are pretty obvious reasons for making personal files exempt under section 30 of the Data Protection Act. I am not sure on what grounds we could argue that tonight in the context of this order. No one here knows the principles on which those decisions are taken. I have given just two examples, but there are yards of them. How was the list arrived at? It arises from within the Department of Trade and Industry which in turn consults the Data Protection Registrar. The Minister explained that at some length. However, the power and influence of the registrar is exceedingly limited. It would be almost impossible for him or the Home Office to assess whether the huge list of additions that we are considering makes sense. The Data Protection Registrar, who is independent, is not, unlike the DTI, involved in investigative work, so he cannot make many suggestions.

I imagine that the registrar would simply say that he could see no obvious reason why these functions should not exist. It is clear, therefore, that the role of the indpendent registrar in establishing whether limits should be placed on individuals' access to personal files is highly limited. The initiative and power rest with the DTI.

I am dubious whether the Government have struck the right balance between people's freedom to see files about themselves and the benefits of denying access in tackling corruption in the financial services industry. I am inclined to be a little suspicious of the Government in this respect. I suspect that they will tend to restrict people's access to their files merely because of the ethos of secrecy that pervades Whitehall. The Opposition see great virtue in creating a more open society. We should like a freedom of information Act that would go much further towards compelling Departments to provide information far more readily.

Most other countries in the developed world, including Australia, Canada and the USA, are way ahead of Britain, and we are beginning to look outdated and obsessed with secrecy. Few would disagree with that proposition. There must be a change, and we must develop our democracy.

Mr. Norris

The hon. Gentleman will know that, as a recently retired chairman of the campaign, I broadly agree with him about the desirability of a freedom of information Act. But does he agree that the Australian and American systems have fairly comprehensive exemptions relating to commercial confidentiality, because of the obvious desirability of such confidentiality in investigations of fraud?

Mr. Randall

I do not argue against exemptions; I argue against unnecessary exemptions. I do not know from the information in the order whether these exemptions are necessary or unnecessary. I challenge hon. Members to judge whether they are. We cannot make an assessment, because the information is not available.

Mr. Butterfill

Does the hon. Gentleman accept that the order gives discretion to the Secretary of State? He will be accountable—eventually—directly to Parliament. Is not that the safeguard that we need?

Mr. Randall

The hon. Gentleman is not quite right. The Secretary of State has certain powers and is expected to carry out certain functions. To do so he has to ensure that the availability of information does not prejudice the carrying out of those functions. The 1987 order and this order make the number of functions embraced by section 30 of the Data Protection Act 1984 very large—

Mr. Deputy Speaker (Mr. Harold Walker)

Order. I am reluctant to interrupt the debate, but there are limits. Presumably the order to which the hon. Gentleman is referring came before, and was approved by, the House. We cannot reopen that debate now.

Mr. Randall

I agree. I am talking about the way in which this order extends the scope of the 1987 order. I question whether the list should be as long—

Mr. Deputy Speaker

Order. That would be going beyond the bounds of what is proper tonight. We are debating the merits or otherwise of the matters intended to be added to the list. We cannot discuss the generality of that list, or whether it is too long or too short.

Mr. Norris

On a point of order, Mr. Deputy Speaker. Surely, at the point at which we approve the new order, we are reconstituting the earlier legislation—

Mr. Deputy Speaker

Order. The hon. Gentleman is seeking to challenge my ruling, or to debate it, and that he cannot do.

Mr. Randall

I do not challenge your ruling, as you very well know, Mr. Deputy Speaker. The Minister referred to the additional functions of certain persons in assisting overseas regulatory authorities. Those functions make the overall list rather long, but I note your comments, and will refrain from pursuing the point.

Other countries have shown that huge savings can be made by rooting out poor and inefficient administrations. Had they not encouraged more openness, the public in those countries could not have challenged the authorities, because they would not have had the information with which to do so. The information revolution in the developed world—it is directly related to the information held in the computer files referred to in the order—is moving at an incredible pace. We must match these impressive developments in technology and information with equally impressive developments in openness so as to protect people's privacy and access rights.

Mr. Butterfill

Does the hon. Gentleman agree that, although we all accept that the rights of the citizen need safeguarding, if we allowed unlimited access to information, it could tend to inhibit the functions of an Executive and make it unduly cautious? If they know that everything they do may be subject to public scrutiny, an Executive may always be inclined to err on the side of caution and never propose anything innovative or exciting.

Mr. Randall

I am not advocating unlimited access—that would he absurd—but this order prompts the question: are we going in the right direction? Massive changes are under way.

I should like to deal with some specific parts of the order. Why does paragraph 2 of part I of the schedule limit access to personal files via section 30 of the Data Protection Act 1984 in connection with persons assessing overseas regulatory authorities? The Minister touched on that in his speech, but I should be grateful for a little more detail.

One could argue that the exemption order is needed to investigate malpractice involving computer data in the United Kingdom. However, the files could be held at the same time in another country. One could argue that we have access via the Data Protection (Regulation of Financial Services etc.) (Subject Access Exemption) Order 1987 to United Kingdom regulators, and now we need access to overseas regulators. I accept that argument, but I am still not satisfied that we are maximising the extent to which we provide access by individuals to personal files. We seem to be using a massive sledgehammer to crack a very small nut.

Mr. Butterfill

Does the hon. Gentleman suggest an arrangement under which information provided for the investigation of overseas fraud by an overseas regulator should be made available to a United Kingdom citizen who might be the subject of such an investigation by an overseas regulator?

Mr. Deputy Speaker

Order. That is going well beyond the scope of the order.

Mr. Randall

We all want corruption and maladministration to be eliminated. If a company or the Government wish to restrict access to personal files, the burden of proof for the restriction should rest with the company or with a Department. Why not make public the justification for restricting a person's access to his own files? That has not been referred to, but I do not see why it should not happen.

I do not suggest that we should make public all the details surrounding a case involving corruption. Plainly, such information would have to be exempted. I am talking about setting the principle on which restriction of access to information is made public. I should be interested in whether the Minister finds that broad principle acceptable. To me it is not at all unreasonable. It may be hard for some people to swallow, but I think that this is how matters will continue to proceed, now and in the future.

Part II of the schedule seems to relate to exempting, via section 30 of the Data Protection Act, certain new functions that are now part of the Financial Services Act 1986. I imagine that the new functions in that Act have arisen through changes in the Companies Act 1989. Perhaps the Minister will explain specifically the functions referred to in paragraph 4 of part II of the schedule because I cannot understand them. Paragraph 5 of part II talks about Functions … in relation to exemption of advertisements". That is gobbledegook, and we should have had an explanation. I am sorry to have to ask the Minister to explain such things.

Will the Minister explain the thinking behind paragraph I of part I of the schedule? It says that the Secretary of State would authorise an officer to carry out investigations. Why does the paragraph refer to an "other competent person"? Is it because the Department of Trade and Industry has reduced its staff to such an extent that it no longer has the expertise to carry out that vital work, or is it a deliberate policy to involve the private sector rather than civil servants? I have no hang-ups about the private sector, but I wonder whether such sensitive work involving personal privacy should not be done by Government officials.

8.15 pm
Mr. Steve Norris (Epping Forest)

The order follows a long tradition of orders that recognise the importance of data protection and the rights of subjects to have access to that data, while at the same time excluding such data from public access.

Like the hon. Member for Kingston upon Hull, West (Mr. Randall), I should like to look in detail at the schedule. I shall comment first on the interesting substitution in part I: or other competent person authorised by the Secretary of State". The 1987 order designated an officer. I assume that the new wording is necessary because, quite properly, in the discharge of his functions, the Secretary of State may wish to empower an outside investigator or inspector to gain access to information about a person that is pertinent. under the order.

That is to say, it may be financial data about the person, which could lead to prosecution for dishonesty or fraud. If such an authorised "other competent person" was not mentioned in the order, the Secretary of State would be limited in the way in which the powers could be exercised. Perhaps when my hon. Friend the Minister winds up he will comment on that.

I was intrigued by the amendments in part II of the schedule. Paragraph 3 contains an interesting change because the words rules, guidance, arrangements or restrictions are to be removed and the words rules, statements of principle, regulations, codes of practice, guidance, arrangements or practices are to be substituted. It looks as if someone sat down with a lexicon or perhaps "Roget's Thesaurus" and tried to discover all the variations of the word "rules", having previously come up with only four.

Why are "statements of principle" suddenly involved in the legislation? The House has been advised that this is merely a technical order. If so, why is it necessary to introduce something as fundamental as "statements of principle"? The original statement of principle in section 28 of the Data Protection Act 1984 included substantial exclusions. No doubt hon. Members will recall that. Those were exclusions of any information concerning (a) the prevention or detection of crime; (b) the apprehension or prosecution of offenders; or (c) the assessment or collection of any tax or duty". I was on the Committee that examined that Bill in 1984 and for the life of me I could not think what other activity could not be covered by those exclusions, especially in the case of financial services. I am at a loss to understand why it is now necessary to include a new statement of principle in the entry relating to the functions under chapter XIV of part I of the Data Protection Act 1984, in place of the words rules, guidance, arrangements or restrictions. Similarly, I am unsure why codes of practice are to be included. I imagine that that is because codes of practice, whether statutory or non-statutory, may have a binding effect on any regulations that are relevant under the order. Again, an explanation is needed.

Even more intriguing is that, whereas in our original assessment, under part II of the Act there appears the word "restrictions", it no longer appears in the new form of words. I am again at a loss to understand why. I hope that my hon. Friend the Minister will deal with those important matters when he winds up.

The overall purpose of the order is to keep up to date the general principle of allowing the Secretary of State to keep secret such information as may be deemed to be sensitive in connection with a prosecution for fraud or a related offence of dishonesty. I take the extremely relevant point made by the hon. Member for Kingston upon Hull, West, when he outlined the delicate balance that must be struck between the general principle of providing access to confidential information on the data subject—which is the cardinal principle, laid down by the European convention—and the convention's recognition of the right to exclude information in certain sensitive categories.

It is entirely reasonable to update the 1987 order. Throughout data protection legislation, not only in Australia and the United States but elsewhere, there runs the well-recognised principle that financial services markets and the investigation of fraud or dishonesty should legitimately be an exempted area. I am not sure that the order could not be more narrowly drawn. Whenever such orders are laid before the House, the onus should be on the Government to demonstrate that not one jot of personal information shall be withhld from subject access unless there is concrete justification. I believe that that was the thrust of the argument of the hon. Member for Kingston upon Hull, West, and I agree that that should be the case.

In respect of financial services investigations in particular, secrecy is all. Were the subject of such an investigation to be given any idea that information was held about him, he could take advantage of that knowledge to arrange his affairs so as to gain protection under the umbrella that the order will constitute. In that context, you, Mr. Deputy Speaker, will be aware of the current cases, which are sub judice, in which it is clear that information relating to the availability of knowledge on subject access could have been relevant to persons who have been charged with an offence.

Mr. Randall

We all agree on the principles of the order. As to whether the list is too big or too small, I still contend that there is no way of assessing that and whether the Government have gone too far down the path to secrecy.

Mr. Norris

Given that section 28 of the Data Protection Act 1984 draws exemptions as wide as the assessment or collection of any tax or duty", the hon. Member makes a good point. My hon. Friend the Minister must make it clear that he has examined every detail of the order's applicability to information held about a data subject—and he must assure himself that in no way, and in no particular, does the subject access provision need further modification so as to allow the form of access to which the hon. Gentleman referred.

Clearly, it is important that the order receives the approval of the House, and I am sure that the hon. Member for Kingston upon Hull, West agrees that there is no virtue in legislation that is hamstrung by not being related to other current legislation. To the extent to which the amendments contained in the order bring matters into line with the Companies Act 1989, obviously we cannot refuse to approve it. Nevertheless, the general principles of the European convention, which provide that in all but exceptional circumstances a data subject should have access to information held about him or her, are so important that, whenever such a measure comes before the House, it is vital that the Minister presenting it is assured that it is drawn as narrowly as practicable, to provide necessary confidentiality.

I have always believed that, when Governments are in doubt, they should as a general principle be prepared to tell citizens what is done in their name. That principle should particularly guide my right hon. and hon. Friends, and I am grateful for the support for it shown by Opposition Members. That principle ensures that a democracy works to serve the people and is not governed in turn by officials who can hide behind a cloak of secrecy.

In that context, my hon. Friend the Minister has some further explaining to do. However, in terms of the order's general principles and of the necessity to ensure that existing measures are updated in line with the Companies Act 1989, I commend it to the House. I trust that, when my hon. Friend winds up, he will give the officials in the Box something to do this evening and answer the points that I raised.

I recall being invited to serve on the Committee considering the Data Protection Bill after my hon. Friend the Member for Watford (Mr. Garel-Jones) approached me in the Lobby and asked, "What do you know about data protection?" When I replied, "Nothing," I found myself instantly on the Committee. That was the first on which I served on entering the House in 1983, and the principle of knowing nothing initially has stood me in good stead. I have applied it in respect of every other Committee on which I have served. However, aware as I am of the detailed nature of the order, I commend to my hon. Friend the Minister a thorough review of all the options available to him.

8.27 pm
Mr. Harry Cohen (Leyton)

I congratulate the hon. Member for Epping Forest (Mr. Norris) on a very good speech. He is one of the few right hon. and hon. Members to make sense of data protection legislation. As he said, his experience goes back to the Committee that considered the Data Protection Bill. He played an honourable role then and has done so since in respect of data protection matters, in ensuring that orders such as this are not so widely drawn that they make it impossible for individuals to be certain of their rights. Exemptions may be allowable in cases of fraud, but they should be clearly spelt out. I am sure that the hon. Member for Epping Forest agrees that there should be a role for the Data Protection Registrar.

The Minister said that the order is not controversial. That may be true on the surface, because its wording is bland and vague—I suspect, deliberately so. However, the denial of access rights is not so non-controversial to the subject concerned. Last Tuesday, the Under-Secretary of State for Education and Science, the hon. Member for Wantage (Mr. Jackson), said of the Data Protection Act 1984: The Act—which was passed under the present Government—provides valuable protection for the individual, while recognising the need for controlled exchange in the use of personal data. The Government are wholly committed to the enforcement of the Act through the Office of the Data Protection Registrar."—[OfficialReport, 15 February 1990; Vol. 167, c.470.] The Government claim it as a credit, but the Data Protection Act 1984 is one of the worst in Europe. The Data Protection Registrar is powerless over enforcement of exemptions. Within four days of that statement, we are debating the order, and we can see the true nature of the Government's thinking on the Data Protection Act. They have put before the House an order which does the complete opposite of what the Minister said they would do.

The order is just what it seems. First, it removes protection from the individual. Secondly, it removes any enforcement powers from the Data Protection Registrar.The Minister shakes his head, but the DPR is powerless over subject access exemptions. Thirdly, it provides no real information to the House concerning details of the orders.

The Minister made a comment about the purpose of the order in relation to fraud. The order amends another order—the Data Protection (Regulation of Financial Services etc.) (Subject Access Exemptions) Order 1987. Together, both orders list more than 230 statements about withholding rights of access to personal data from data subjects.

When SI 1987/1905 was debated in the House, very little information was provided about it, even though some of the statements in the statutory instrument seemed quite broad. For example, in the middle of page 5, we find the words: Any functions of making available information for purposes or otherwise in connection with any functions specified in this Schedule in relation to Acts". Apart from being gobbledegook, when one considers that paragraph closely, one sees that the schedule to which it refers was a very broad schedule which became virtually open-ended when the exemptions were made. The order before us is exactly similar, and it is equally generous with its wording. For example, paragraph 4 would insert: Functions of Secretary of State or designated agency under Chapter XV of Part I. I understand that to mean all functions of all designated agencies. That is a very broad order.

The hon. Member for Epping Forest quite rightly said that orders about access exemptions should be drawn very narrowly, so that the House and the public can see exactly what is being allowed, and will know what exemptions will affect the right of individuals to see personal data, and when the DPR cannot get involved.

I also note that, as with SI 1905, the Government have not provided any detailed reason that I can see why an individual's rights are being removed. Although the orders contain 230 statements or functions, they contain little detail about why we should refuse an individual access to personal data. The House is in the dark about how the exemptions will apply in practice. The only light that has been shed on the matter was in the Minister's statement tonight, at the beginning of the debate. This situation should be unacceptable to the House. Each subject access exemption represents a significant diminution of an individual's rights. Consequently, each exemption should be considered most carefully. Once allowed, an exemption is total, and once it is applied, the individual is powerless to do anything about it.

In paragraph 220 of his fifth annual report, the Data Protection Registrar summarises what a subject access exemption means, saying: The individual does not know that the data user has applied a subject access exemption and is in no position to make an appeal to test whether the data user has been properly applied or not.

Mr. Butterfill

Will the hon. Gentleman tell me to which of the functions under section 30 he considers that this should not apply? Does he exclude dishonesty or incompetence, malpractice or the investigation of bankruptcy? Does he not agree that other people need protection, as well as the person who is being investigated?

Mr. Cohen

Of course. I also think that exemption should be clearly defined; but we do not need 230 different statements of where they should apply. In a moment, I shall come to a particular example where I think subject access exemption may be applied, but let me finish the paragraph that I was talking about.

I cannot understand why it is not possible for the Government to produce clear explanatory notes, such a.s notes on clauses, before they put a whole range of personal data into an information black hole. The notes would explain why a subject access exemption was necessary, so that we could judge the validity of the Minister's arguments in every one of the 230 cases.

One case in which the exemptions could be misused is in the use of black lists. We know from debates in Committee on the Employment Bill that companies are using blacklists. They adversely affect individuals, perhaps because they are in a trade union or are involved in politics—which is their democratic right. Companies keep that sort of information about people on their computers. An individual might want to get access to that information, but if it conveniently comes under one of those 230 statements, and so has become a subject access exemption, the individual will not even know that he is on a blacklist, judging from what the DPR said in his report. If he finds out, he will not get access to data because the law will have been changed by the broad wording in the order to make blacklists exempt.

Mr. Butterfill

I am puzzled by what the hon. Gentleman is saying. It seems to me that we are considering an order that is limited to data protection for the regulation of financial services. I cannot see that a blacklist against an individual could have any connection with the regulation of financial services in the way that he suggests. Surely it has more to do with protection of the public from fraud and other undesirable practices, and I am sure that even the hon. Gentleman would not object to that.

Mr. Cohen

The Financial Services Act 1986 was a thick Act and took a lot of time and consideration in the House. It had many clauses that could relate to blacklisting.

A trade unionist might want information about a takeover because it affected the jobs of union members. The company could say that the union was affecting financial services and its stock market quote, and therefore it would use its subject access exemption to stop them getting the information. That could easily happen, because the Financial Services Act was so broadly drawn.

I wish to raise further questions concerning the statements on the first page of the order that it was made after consultation with the Data Protection Registrar". The Minister quoted that. I wish to enlarge on the subject of those consultations. Did the registrar agree with the Minister's wording of the order? Did he have any advice for the Minister, and was any of that advice ignored? I think that the House should know exactly what the DPR said.

For example, did the DPR draw the Minister's attention to paragraph 232 on page 87 of his fifth annual report: Exemptions from subject access right should be strictly limited and very carefully defined"? If the DPR was being consistent, he would give such advice. I should be interested to hear whether he did, and what the Minister's response was. As the Government have had two full years of operation to report on how the exemptions in SI 1905 have worked in practice, will the Minister say how many times subject access has been refused under the 1987 order?

Did the registrar raise during the consultation process his advice in paragraph 221 of the fifth annual report: I recommend that data users should be required to keep a log of the cases in which subject access exemption is relied upon and the reasons for using the exemption"? Has the Minister any views on that advice, which I should have thought the House would regard as reasonable?

Such questions are important, especially considering the Minister who will exercise the power and control the many functions that facilitate subject access exemptions. That Minister will be the Secretary of State for Trade and Industry, who is better known for his work in pursuit of privatisation than for his work to protect privacy. Privacy comes very low on his list of priorities. He was the one who introduced the poll tax, which has smashed privacy to smithereens, yet we are to give him powers over it under the order. That hardly inspires confidence.

Mr. Butterfill

Does the hon. Gentleman agree that my right hon. Friend the Secretary of State for Trade and Industry is also known for his rigorous pursuit of wrongdoers and that his action in trying to eliminate fraud and in dealing sympathetically with investors in Barlow Clowes shows him in a rather different light from that in which the hon. Gentleman seeks to portray him?

Mr. Cohen

I shall not go into the issues surrounding Barlow Clowes

Madam Deputy Speaker (Miss Betty Boothroyd)

That is a good thing.

Mr. Cohen

But deeds speak louder than words, and we have not had great actions from the Secretary of State to tackle the wrongdoers. The multi-billion pound fraudsters have not been dragged through the courts by the Secretary of State. Recently, the right hon. Gentleman took to court a case for which his Department was so badly prepared that the procedings collapsed in a shambles. The hon. Gentleman is on the wrong tack in saying that the Secretary of State for Trade and Industry has a good reputation in this matter; the right hon. Gentleman's actions do not support that claim.

Mr. Michael Stern (Bristol, North-West)

Does the hon. Gentleman agree that much of the work of the Department of Trade and Industry—under whomever happens to be the Secretary of State—leads to major trials? I am not allowed to name the trial that started last week but, with his known fairness, the hon. Gentleman will agree that that trial could not have started and could not be expected, as it is, to last about six months—

Madam Deputy Speaker

Order. The hon. Member for Leyton (Mr. Cohen) has stuck perfectly to the motion, and I am sure that he will continue to do so.

Mr. Cohen

I shall not pursue that line, Madam Deputy Speaker. My response to the hon. Member for Bournemouth, West (Mr. Butterfill) emphasised my view: many of the trials collapse in a shambles, and the wrongdoers have not been hauled before the courts and made to pay back the money of which they have robbed shareholders and the public.

Mr. Butterfill

Will the hon. Gentleman give way?

Mr. Cohen

No, I shall not give way; you, Madam Deputy Speaker, have asked me not to pursue these matters, but to stick to the order.

Mr. Butterfill

My point relates specifically to the order.

Mr. Cohen

In that case, I give way to the hon. Gentleman.

Mr. Butterfill

Does the hon. Gentleman accept that the order extends the ability of the Secretary of State to co-operate with investigators and regulators overseas? In view of the increasingly international nature of fraud, does the hon. Gentleman agree that the order represents a valuable contribution to the investigation of fraud?

Mr. Cohen

Of course we need links with overseas crimebusters to bust crime internationally, and I support that, but I do not think that the order will necessarily contribute greatly to that task. It is more likely to affect the individual's rights of privacy, which should be preserved. Such rights may be just as much affected by a bland and vague order such as this as big criminals may be affected by it. That is what concerns me, and that is why the order should be more tightly drawn, as the hon. Member for Epping Forest said.

Mr. Gary Waller (Keighley)

I have listened with great care to what the hon. Gentleman has said, and so far it has been very theoretical. He has had access to the reports of the Data Protection Registrar. The key question that we must all ask ourselves concerning the alteration is whether there are data to which the subject would previously have had access and which would have been useful to him which he is now to be denied. Can the hon. Gentleman give practical examples from the reports to which he has had access to demonstrate that fact?

Mr. Cohen

Yes, my speech has been theoretical, but when the order is passed, a number of individuals will be denied the right to information that companies hold about them. At the moment, individuals have the right to information, and we are denying them that right. The examples will come after the order has been passed. I gave the House one example—that of a trade unionist trying to get information in a blacklisting case. Practical problems will arise when people are denied their subject access rights.

All that the House can say about the order is this: first, we do not have enough information about how it will work in practice; secondly, we cannot tell whether it is drawn too widely, although in my view it is. We should ask the Minister for clearer information, and further detail should be given to the House on how the exemptions will apply in practice. Otherwise, abuses will occur and the House will be sending out the message that we do not really care about individuals' rights.

I am getting rather tired of the Government's boasting, as the Under-Secretary of State for Education and Science boasted last Tuesday, that the Data Protection Act provides valuable protection for the individual, only to undermine that Act by orders such as this. I advise hon. Members that, when they read words like "valuable protection for the individual" in Hansard, they should immediately understand them as having the same meaning when used by Ministers as if they had been used by A1 Capone.

8.48 pm
Mr. John Butterfill (Bournemouth, West)

I support the objectives of the order but I must join some of my Friends and Opposition Members in saying that the explanatory memorandum that accompanies the order is somewhat less than helpful—and nor is the English in which it is couched particularly easy to follow.

The order would amend a large number of existing Acts and previous orders, and perhaps it would help if I ran through them. We are amending not only the Data Protection Act 1984 but the Companies Acts 1985 and 1989 and the Financial Services Act 1986.

Mr. Randall

They are consequential amendments.

Mr. Butterfill

I agree that they are consequential amendments, but they are amendments nevertheless. The interrelationship of the Acts and the other orders that we are amending is complex. It would have been much more helpful if the explanatory note had contained more information so that we could understand how the legislation interacts. Instead, hon. Members have been left to work it out for themselves—in my case, by a somewhat convoluted process. I am not an expert in such matters. However, I have done my best.

Mr. Stern

May I underline my hon. Friend's point by saying that, when hon. Members are presented with an explanatory note, it always seems to be couched in a form of English in which "explanatory" is the exact reverse of the truth. With your permission, Madam Deputy Speaker, I shall put the first sentence on the record so that those who read Hansard can appreciate in all their beauty the triple convolutions of the so-called prose that is supposed to explain what the order means. The explanatory note reads: Section 30 of the Data Protection Act 1984 provides th.it personal data"— subject— held for the purpose of discharging statutory functions"— "functions" becomes a subsidiary subject— which are designated by the Secretary of State"— new subject— by an order"— further new subject— made under that section"— further new subject, although we have now forgotten which section is being referred to— shall be exempt from the subject access provisions"— a triple noun— of the Act in any case in which the application of those provisions to the data"— by now we have completely forgotten what data we are talking about— would be likely to prejudice the proper discharge of those functions. Whoever wrote that sentence should enrol immediately in a course on clear English, because the one thing that that sentence is not is explanatory.

Mr. Butterfill

My hon. Friend anticipates precisely the point that I intended to make. If he reads the second part of the explanatory note, the abuse of English and the defeat of the vaulting imagination of hon. Members will become even more apparent. It says: Schedule 1 to the Data Protection (Regulation of Financial Services etc.) (Subject Access Exemption) Order 1987 ('the 1987 Order') designates functions for the purposes of section 30. The Schedule to this Order"— if my hon. Friends can follow which order we are now talking about— contains amendments to the 1987 Order"— if we can remember which order we are talking about— which are consequential upon the implementation of the. Companies Act 1989 ('the 1989 Act'). Part I of the Schedule, which comes into force on 21st February 1990, amends the entry relating to section 447 of the Companies Act 1985 (Secretary of State's powers to require production of documents) and designates functions under sections 83, 84 and 88 of the 1989 Act"— I defy, you, Madam Deputy Speaker, or anybody else to remember which 1989 Act we are now talking about— (powers exercisable to assist overseas regulatory authorities). Part II of the Schedule to this Order, which comes into force on 15th March 1990, contains amendments relating to functions under the Financial Services Act 1986. If that is supposed to be an explanatory note, we need to send some of our officials on a course in plain English.

Mr. Cohen

Does the hon. Gentleman realise that he and the hon. Member for Bristol, North-West (Mr. Stern) may be on dangerous ground by criticising the explanatory note? I was a member of a Statutory Instruments Committee, with my hon. Friend the Member for Kingston upon Hull, West (Mr. Randall), that considered official secrets. When we criticised the explanatory note, the Home Office Minister said that he had written it himself. Perhaps we could be told whether the Under-Secretary of State for the Home Department wrote this explanatory note which, as the hon. Members for Bournemouth, West (Mr. Butterfill) and for Bristol, North-West have said, is gobbledegook. If the Minister wrote it, they will be on dangerous ground for having criticised the grammatical efforts of their own Minister.

Mr. Butterfill

At the risk of being proved wrong, my hon. Friend the Minister's command of the English language is a model of clarity and eloquence. Therefore, I am confident that the explanatory note was not drafted by him personally. No doubt he will confirm that when he responds to the debate.

Mr. Stern

To pursue this line of argument, does my hon. Friend agree that we shall soon be demanding an explanatory note to the explanatory note of instruments of this nature? I am not sure that either my hon. Friend or I would wish public expenditure to be increased to such an extent.

Mr. Butterfill

I should be the last person to wish public expenditure to be increased unnecessarily. However, this explanatory note could have been much clearer and longer so as to assist hon. Members in their examination of the order.

Part I, paragraph 2, of the schedule refers to functions of following persons in assisting overseas regulatory authorities". Will the Minister clarify that my understanding of the paragraph is correct? I thought that it enabled the Secretary of State to rule that information would not be made available to a member of the public if it should properly be withheld to allow the investigation of fraud by an overseas regulatory authority.

It is an important power. If that is what the paragraph means, I support it. If that is not what it means, I believe that such a power should be included in the legislation. International fraud is becoming more common. The United Kingdom's financial services market is free and is extremely valuable to this country. It earns for the United Kingdom a vast amount of money in the form of invisible earnings, and I should be the last to want to lose them.

The corollary to an international market is that, with modern communications and modern means of data transmission, fraud is that much easier to perpetrate and that much more difficult to detect. Serious international fraud can be defeated only if the regulatory authorities in the countries concerned can co-operate in defeating it. I hope that that is what is intended by the paragraph, and that the order will give effect to that intention.

On part II of the schedule, like my hon. Friend the Member for Epping Forest (Mr. Norris) I am somewhat puzzled about paragraph 3, which extends the previous entry for rules, guidance, arrangements or restrictions and substitutes for that rules, statements of principle, regulations, codes of practice, guidance, arrangements or practices". I am not sure—nor will many other hon. Members be—why that extension needs to be made, what its practical effect on the denial of access will be and why those activities need to be protected as that section purports to protect them.

Paragraph 5, which was mentioned by the hon. Member for Kingston upon Hull, West (Mr. Randall), deals with the exemption of advertisements. Am I correct in assuming that it relates to the section of the Financial Services Act which regulates advertisements so that they do not mislead the public and improperly induce people to make investments? If that were the case, it would be entirely proper for investigations into the exemption of advertisements to proceed in a way that did not alert those being investigated. But it is not entirely clear to me, and I suspect that it may not be entirely clear to other hon. Members here this evening, so it would be most helpful if my hon. Friend could explain that in more detail.

Having asked some specific questions about the effect of the order, let me say a few words about the general philosophical approach which has been mentioned by hon. Members on all sides of the House this evening. As always, there is a conflict between the need to protect the public from fraud and misfeasance and plain incompetence on the part of certain authorities and the need to give the individual the right to access held about him on any givem file. We need to draw a very fine line.

Hon. Members who have spoken this evening, including my hon. Friend the Member for Epping Forest and certainly Opposition Members, would go a lot further than I would. If we are talking about freedom of information, which has been the subject of much of our debate, I urge some caution. It is not always in the public interest for all information to be disclosed.

If we want to see the effects of a full right to information, we need only look at what happens in the United States, where everything in the process of government is open to public scrutiny. The effect is a politicised civil service. When the President of the United States and the Administration change, the new President changes the civil service, because he cannot do otherwise than have with him his political allies. That would be the regrettable effect if the right to information were pursued to its ultimate conclusion in Britain.

Without wishing to flatter those in Whitehall who may be listening to the debate, one of the great assets of the British constitution is the impartiality of the Civil Service and the knowledge that civil servants may give advice to Ministers in confidence and protect their professional position as independent and impartial advisers to Government. We have the balance right in requiring the Government to account to the House for their actions and not to require civil servants to account for their actions. But I fear that what has been proposed this evening, particularly by the Opposition, could have that effect, and I genuinely believe that it would be a sad day for British democracy if that were to happen.

I am also concerned about the general tenor of some of the speeches from the Opposition. Opposition Members said that the right of an individual to inspect any file that may be held on him, for whatever purpose, is more important than some of the purposes in the order before the House. I cannot accept that. Section 30 of the Data Protection Act 1984 states that its purpose is to protect the public against financial loss due to dishonesty, incompetence or malpractice by persons concerned in the provision of banking, insurance, investment or other financial services or in the management of companies or to the conduct of discharged or undischarged bankrupts. I cannot see how we can afford to deny the public the protection that may be needed in the investigation of those activities simply because it may prejudice the rights of one citizen to obtain access to data held on him. Once again, I call in aid the Barlow Clowes case, which is directly relevant to this debate.

Mr. Randall

I thought that we had had a considerable discourse on the need to have a balance between access to information and the need at times to restrict access to information so that investigations can take place.

Mr. Butterfill

The hon. Gentleman said that, but I differ from him on where he would strike that balance. The hon. Gentleman was erring on the side of protecting the right of the individual to have access to information instead of erring on the side of the investigation of fraud and malpractices which I believe is more important.

Mr. Randall

With respect, the hon. Gentleman is drawing the wrong conclusion, and I said nothing that could lead him to reach that conclusion. My point was that none of us in the House tonight can assess whether the Government have gone too far in compiling the list of restrictions. I do not know whether they have, and I challenge whether the hon. Gentleman knows. I believe that the Government may have erred on the side of secrecy simply because that is the general ethos of British society and certainly the position in Whitehall.

Mr. Butterfill

The hon. Gentleman compounds my suspicions about his approach to the issue. He suggests that the Government would err on the side of secrecy when we are investigating matters of the utmost gravity for the protection of the public. I would not apologise for that. If it is necessary to protect the public from fraud and swindlers—I do not suggest that the hon. Gentleman would ever be a swindler's friend, by any stretch of the imagination—the balance should lie with the protection of the public as a whole rather than with the protection of a single individual. The protection of the public as a whole must, by definition, be more important than the right of a single individual, however important the rights of that individual may be.

If there is any doubt about the issue, we must always protect the public as a whole, although on occasion that may work to the detriment of the individual. That may be the price that we have to pay in a democracy for adequate protection, particularly when we are dealing with people who are capable of perpetrating vast frauds and swindles on an international scale. That protection is very important when we are dealing with extremely sophisticated operators who can switch money all over the world at the press of a computer key, and when it is extraordinarily difficult for the police in any one country to investigate anything in any depth.

If we are to defeat that type of international fraud and crime and protect the public in this country and elsewhere—that is the implication of the order—we must err on the side of caution. That may mean that the rights of one individual may occasionally be prejudiced. I would sooner do that than risk thousands of people being swindled.

Once again, I refer to hundreds of my constituents who invested in Barlow Clowes. That case is relevant to the debate, because it involved another overseas regulator. The major losses did not occur with investments in this country, but with overseas investments. The Swiss companies involved were supposedly registered in Geneva, but it turned out that they were not registered at all. They did not even exist legally in Switzerland, yet my constituents sent money to box numbers in Geneva. I think that they were extraordinarily gullible and ill-advised, but they were advised by people in this country whom they thought were reputable. Money was also sent to Gibraltar. We must examine the ability of international regulators to co-operate with one another to defeat such fraud. Without a measure such as this, that will be totally impossible.

I repeat that, if a balance is to be struck between the protection of an individual and the protection of the public as a whole, we must err on the side of caution.

Mr. Cohen

Opposition Members agree that big fraudsters must he investigated and brought before the courts. However, the hon. Gentleman's argument is the same as that in favour of making all police records exempt, being subject access exemptions under the Data Protection Act 1984. The trouble is that there is no way of rectifying an abuse if incorrect information is placed on a person's file and he is subsequently badly treated. He cannot appeal. There must be an opportunity to set up appeal procedures. The Data Protection Registrar is like an ombudsman in these cases—investigating but keeping strict confidentiality. That would not interfere with investigations into potential big crime, but it would protect the individual. Why can we not have both?

Mr. Butterfill

The hon. Gentleman's remarks worry me slightly. He is saying that we should not exempt police records or the records kept by regulators, for fear that that might prejudice an individual's right to know what information is being held about him. If such an investigation relates to a major fraud, which may be an international fraud, that is the price that society must pay if we are to be protected against that activity. There is no alternative to that protection. Therefore, I shall support the order.

9.13 pm
Mr. Tam Dalyell (Linlithgow)

Opposition Members agree with much of what the hon. Member for Bournemouh, West (Mr. Butterfill) said about the international aspects of this subject. It is extremely complex and increasingly important. I asked the hon. Member for Romsey and Waterside (Mr. Colvin), who is piloting his Computer Misuse Bill through the House, whether I could be on the Committee that considers the Bill. I look forward to Wednesday mornings in Committee, because these matters are important.

In preparation for the debate on the computer hacking Bill, on 5 January I tabled several questions to the Home Office, giving it six and a half weeks to answer. I make no complaint about the nature of the answers, because it is a delicate matter. It pertains directly to assisting overseas regulatory authorities.

The first question that I tabled on 5 January for answer on 19 February was: To ask the Secretary of State for the Home Department if he will make it his policy to include provisions in his computer hacking Bill to promote safeguards to ensure that information stored in a DNA databank would not be open to misuse. The Minister, who is at the Dispatch Box, replied: No. The Data Protection Act 1984"— that is one of the Acts that we are discussing— already provides appropriate safeguards against misuse of personal data held on a computer database. These include a requirement that the data user must take security measures againt unathorised access. It is one thing to say that the data user must take security measures, but it is easier said than done. Does the Home Office have any evidence that serious measures along those lines are being taken? I recall that the week before last, members of the all-party group for the retail trade went to a famous store, which I think should be nameless. The store managers were open about saying what mayhem had been created when the computer of just one store was illicitly entered. We need to take any possible measures that would stop that type of—

Madam Deputy Speaker

Order. The hon. Gentleman is preparing himself for other debates dealing with hacking. Will he look at the order that we are considering, and bring himself more into line with it?

Mr. Dalyell

My comments come under assisting "overseas regulatory authorities".

Madam Deputy Speaker

That is quite true, but I fear that the hon. Gentleman was moving considerably away from that. I have been listening carefully.

Mr. Dalyell

I shall come back, Madam Deputy Speaker.

The next question that I tabled was: To ask the Secretary of State for the Home Department what consideration he is giving to the use of DNA material unrelated to crime. I should like to put it on the record that the reply was: DNA testing has been used to establish relationship in immigration and paternity cases. That work is excellent and wholly acceptable—and here we come to the "but"; I do not intend to speak for anyone other than myself, and this is a personal view—but I believe that authorities are entitled to use all the latest techniques of blood-testing in the fight against crime of any sort, and that includes fraud.

Mr. Stern

Will the hon. Gentleman give way?

Mr. Dalyell

I would rather not give way until the hon. Gentleman has heard precisely the nature of my argument and then I shall, of course, give way to him.

I also tabled the question: To ask the Secretary of State for the Home Department what proposals he has for a DNA data bank for use in the fight against serious crime; what type of offences will be covered; what type of sample will need to be taken; and whether types of sample such as blood or hair-roots will be taken without the consent of the individual concerned. I know that therein lies the rub. I know how difficult this is, and I also know that some of my hon. Friends take a different view—

Mr. Stern

Will the hon. Gentleman give way on that point?

Mr. Dalyell

In a moment.

I also tabled the question: To ask the Secretary of State for the Home Department what is his policy towards legal powers to take samples, such as blood or hair-roots, in respect of screening people who there may be no reason to suspect of involvement in the offence. There could be a whole range of offences, one of which could certainly be fraud. I give way now to the hon. Member for Bristol, North-West (Mr. Stern).

Mr. Stern

I am grateful to the hon. Gentleman for giving way. He has raised one "rub" as he calls it, about where the order might bite. However, there is another rub as well, and if I am lucky enough to catch your eye, Madam Deputy Speaker, I hope to expand on this later. The hon. Gentleman is referring to data in a DNA bank being used for the detection of crime. Does he agree that we also have to determine the nature of the state that is determining that crime? Does he agree that to supply information through the order to the regulatory authorities of, say, France, is completely different from supplying exactly the same information under exactly the same circumstances to the regulatory authorities of, for example, Romania before the recent revolution? We are empowering the authorities to decide on the nature of the regime, as well as the nature of the crime.

Mr. Dalyell

I am not sure that that is not unreasonable. I am not being led astray or leading anyone else astray.However, the hon. Gentleman raises an important point. There must be a value judgment of to whom the information should be given. Our European partners are our partners and, as the hon. Member for Bournemouth, West said, the measure has international implications.

The next question that I asked is also relevant. It was: To ask the Secretary of State for the Home Department whether he will consult the Law Lords on the question which would arise if a doctor was asked to take a blood sample without consent, the question being how to obtain a sample from someone who refuses consent, and may physically resist having a sample taken, and on the question of the susceptibility of evidence obtained under duress by the courts; and if he will make a statement. The Under-Secretary of State replied: My right hon. and learned Friend is still considering the issues set out in the letter which my right hon. and noble Friend the Minister of State"— that is the noble Lord Ferrers— sent to the hon. Member on 7 December. It was an extremely interesting and perceptive letter. He continued: He is currently consulting the British Medical Association and the Association of Police Surgeons on the medical ethics of taking blood samples without consent from suspects in police detention and from convicted offenders. My right hon. and learned Friend will consider what further consultations are necessary in the light of their response. He has no plans to amend the law to enable the police to take blood or other samples from people who are not suspects or convicted offenders and who do not consent. The police are free to ask people to provide samples voluntarily. Although it may be inconvenient and awkward, if hon. Members ask questions such as I have asked on this subject, they should not sit on the fence and pretend that it is entirely up to the Government to come to conclusions.

This evening I have had an opportunity to put my two ha'po'rth into the argument. I have given the matter considerable reflection—otherwise I should not have written the letters that prompted the letter of 7 December. I should not have asked those questions unless I had taken the view that it is pretty legitimate to use all techniques known to modern science, many of which are developing all the time, to pinpoint crime.

When does the Minister expect the discussions with the police surgeons and various other authorities to be finalised? I hope that when they are finalised, a hard line will be taken on the use of every available scientific, DNA and other technique. It is extremely cost-serving. If one takes that hard line, there is an argument for going ahead with one of the recommendations of Gordon Wasserman's committee, which was set up by the Home Office, that there should be an independent forensic unit to which those who get into trouble or who find themselves prosecuted could appeal.

I have argued elsewhere that the forensic unit might well be based at the university of Strathclyde—[Laughter]—where distinguished work has been done on an academic base for the whole of the United Kingdom. I hear my hon. Friend the Member for Kingston upon Hull, West (Mr. Randall) laugh. If that work had been done in Hull, I should have said the same thing. But he is not my constituent and nor do I have many constituents—I could probably count them on the fingers of one hand—who work in the university of Strathclyde. I am an east-coast Scot, and east-coast Scots are different from west-coast Scots.

There is a strong argument for using every forensic technique available for this and other types of crime. After the discussions with the police authorities, I look forward to an announcement that the Government feel that every sort of technique should be available. I for one undertake to support and vote for any measure designed to take advantage of every scientific technique available, even if some of my colleagues, understandably, scream about civil liberties.

Several Hon. Members


Madam Deputy Speaker

Order. I ask hon. Members who wish to speak to look at the explanatory note and I remind them that this is a narrow debate. The order is consequential on the Companies Act 1989 and the Financial Services Act 1986. Comments must be pertinent to that. Otherwise, I shall rule hon. Members out of order.

9.25 pm
Mr. Michael Stern (Bristol, North-West)

I am grateful to you, Madam Deputy Speaker, for your comments. My remarks will be brief.

It is a great pleasure to follow the hon. Member for Linlithgow (Mr. Dalyell) directly, and to take his argument a stage further. Instead of supporting him, as I do, by simply saying that all forensic and other techniques should he used in solving crime and apprehending offenders, I shall explore the nature of the crime that we are considering in deciding whether the techniques should be applied. I apologise to the House for the fact that some of my examples will come, not from my work in the House, but from work outside. I have a declared interest as a partner in a firm of chartered accountants, and the examples arise from my work there.

The explanatory note contains four words which in principle are anodyne, but which in practice contain a dangerous extension of powers—"assist overseas regulatory authorities". I entirely agree with my hon. Friend the Member for Bournemouth, West (Mr. Butterfill) that when we are dealing with fraud in general and financial fraud in particular it is necessary to consider it on a worldwide basis. Recent fraudsters, as in the Barlow Clowes operation and the Dover plan, would not have been caught or brought to justice without international co-operation. We must applaud international cooperation.

We are dealing with fraud that takes place in the context of our western European society and values. There are other frauds, or frauds as they would be defined elsewhere in the world, which are not so clearly pigeonholed. For example, how will the powers provided in amending the data protection regulations in the light of the Companies Act 1989 be applied where a person appears to have committed a detailed and marked offence against the exchange control regulations of an African country? That will cause considerable moral problems to Opposition Members. Many African countries maintain and impose severe penalties of imprisonment for breaches of their exchange control regulations.

South Africa, for example, has one of the most vicious exchange control regimes in the world. Do we intend to give powers to the Data Protection Registrar to shop someone who has broken the South African exchange control regulations? Many people in that country are desperate to get out, but they are held there by the force and the threat of force implied in the South African exchange control regulations.

In case the House believes that such stringent regulations are peculiar to South Africa, I should say that Nigeria operates similarly strict exchange control regulations. People equally fear being shopped by other regulatory authorities for breaking those Nigerian regulations. I have dealt with refugees from both those countries; those who have broken the respective exchange control regulations have a strong fear of violence.

Mr. Jeremy Hanley (Richmond and Barnes)

My hon. Friend has mentioned a most tricky point—irregularities in a regime that most of us regard as repressive and in need of reform. Does he agree, however, that we might be forced by necessity to co-operate in certain actions on behalf of the regulators of a country, be it South Africa or any other, if we are to receive reciprocal assistance from that country in our search for malefactors who are residents or national of this country and who have taken investors' funds to South Africa or elsewhere? Therefore, it might be necessary to co-operate with the undesirables to achieve the greater end.

Mr. Stern

I accept that. My hon. Friend has raised something about which the order says nothing, when it should.

If we are seeking to co-operate with, for example, South Africa to search out and to bring to justice a fraudster currently living in Europe, I accept that we shall get such co-operation from South Africa only if we offer reciprocal co-operation to enable that regime to bring to justice a fraudster who originates in South Africa.

There is a distinction to be drawn, however, which is not drawn in the order. Although I should be happy to see regulations permitting us to co-operate with the South African regime on matters of fraud, I would not want our regulations to permit the British authorities to co-operate with that regime on matters relating to exchange control. South Africa possesses such control, whereas we, as a result of Government action, do not.

I am looking for some assurance not only about the Data Protection Registrar's entitlement to assist overseas regulatory authorities against the apparent wishes of the individual, but about how the registrar will be able to discriminate between one particular type of offence and another. We should consider, as a matter of civil liberty, whether we should give such undisclosed powers to the registrar so that, without reference to Parliament, he can discriminate in such cases.

Mr. Hanley

Perhaps I am wrong, but I felt that the power was granted to the Secretary of State and, through him, to the Data Protection Registrar. Ultimately, it is the Secretary of State who must sanction the decision. The registrar, worthy and honourable though he is, would need to refer for guidance in such cases to the Secretary of State.

Mr. Stern

My hon. Friend is quite correct, but in an open society can we not go further? Are we not entitled to look to the Secretary of State to declare to the House when he has exercised these blanket powers of discrimination which the order offers him? I should be grateful for some reassurance from my hon. Friend about exactly how—perhaps in the Data Protection Registrar's annual report or some other way—it might be possible for the Secretary of State to report to the House on how the powers should be used.

I quoted an example of repressive African regimes. I shall quote another example that is germane to the debate in the light of earlier references to the Barlow Clowes affair. There has recently been a belief among many overseas investors who have chosen to invest in this country through Gibraltar that the British authorities, in the light of the Barlow Clowes affair, have been attempting to hound them. I would be very worried indeed if, in passing this order, which contains the powers to assist overseas regulatory authorities, we gave the Secretary of State powers, through the Data Protection Registrar, to make undue inquiries of perfectly genuine investors who happen to use Gibraltar as a means of investing in this country. Many such investors feel that too much of that sort of thing has been going on already.

The joke in Gibraltar at present is that, whereas a few years ago it was believed that, if this country sent gunboats to Gibraltar, they would be to assist Gibraltar against possible invasion from Spain, the belief in Gibraltar now, in view of the arguments over the airport, is that, if gunboats were sent to Gibraltar, they would be to repress the Gibraltar Government.

Mr. Hanley

Surely not.

Mr. Steen

That is the view that is currently held.

There is considerable suspicion that the powers given in the order could be used with insufficient discretion, of which Parliament might not be apprised. That could happen unless some mechanism were built in to advise Parliament of the way in which those powers were so used.

There is one aspect in which the order does not go far enough. I accept that this is a problem generally with data protection legislation. The order applies only to data as defined in the Data Protection Act. There has been a growing belief in the House for a number of years that, as matters have moved on since the original Act, the definition of "data", and therefore the definition within the order, is inadequate.

We have had many debates in the House about, for example, medical records. They are probably the most personal and potentially most damaging record about any individual. They are not covered by the Act and, quite rightly, will not be covered by the Act under this order, because the order relates solely to financial matters. I wonder whether, in considering the order, we should look again at the extent to which financial information about an individual or company will be exempt from the order because it comes outwith the strict definition of data as laid down in the Act.

How many times have we heard of—and in our professional lives seen—the bank manager, at the end of an interview, write down, "This man is a con merchant"? That record is based on the opinion that the bank manager formed during the interview; it will stay on a personal or company file and will not be open to regulation under the Act because it is not data—it is not in technically permanent form.

Mr. Hanley

Being a renowned chartered accountant, my hon. Friend may well remember the case in which a certain watch was seized by taxation officials because engraved on the back of it was a Swiss bank account number. The defence of those who owned the watch was that it was not data as defined under the Act. It was not a record: it was a watch with an engraving. The courts said that, because the watch was engraved with information, it could be regarded as a record. Does my hon. Friend therefore agree that perhaps the courts can take such matters into account as the need arises?

Mr. Stern

I should like to think that my hon. Friend was right. However, I have been advised that it is not yet open to the courts to extend the definition of data in that way. I would like reassurance from the Minister about whether such an extension of "data" could be made.

Mr. Waller

My hon. Friend is hitting on an important point by referring to the fact that we are discussing electronically recorded data protected under the Act. Does he agree, however, that, if we did not provide an exemption of the sort suggested in this order, computers could not be used in the pursuit of crime, because of the danger that recorded material could be made available to the subject of that pursuit? To pursue international or national crime efficiently, it is necessary and sensible to have exemptions of the sort that we are discussing.

Mr. Stern

My hon. Friend is right. I hope that neither he nor the House will take my remarks as suggesting any doubt of the need for an order of this sort. I merely maintain that any order of this sort must be drawn as tightly as possible, and applied with the greatest discretion. I hope that my hon. Friend the Minister will assure me that there will be mechanisms to ensure such discretion.

On the basis of experience, I must point out, finally, that orders of this nature change the reality in which they operate by their very passage. I remember that, some years ago, a similar order was passed by the United States Congress, laying down regulations for United States investors in Swiss banks. I came across this example because I was advising a Panamanian investor in the United Kingdom who happened to invest, perfectly legitimately, in a Swiss bank.

The Swiss banks wrote to all their customers telling them that the regulations had just been passed by Congress and that they would be obliged within six months under Swiss law to disclose certain information under the regulations, which were part of the US-Swiss convention. The banks strongly urged their customers to remove their accounts if they felt that they did not wish certain information, which they listed, to be disclosed to the US authorities. These letters were sent, couched in the strongest possible terms, to all customers, whatever the source of their funds and whether or not the banks knew that source.

Is not my hon. Friend the Minister concerned that, by giving additional powers to assist overseas regulatory authorities, he may be causing widespread ripples with the stone that he has cast into the pool tonight?

9.44 pm
Mr. Michael Brown (Brigg and Cleethorpes)

One opens a can of worms when one goes back to the primary legislation from which a statutory instrument flows. I agree with the views of my hon. Friend the Member for Bournemouth, West (Mr. Butterfill) on the explanatory memorandum to the order. In all my time in the House I have never found it necessary, when reading a statutory instrument, to find about four previous references to help the House to arrive at a decision.

First, I went to the Library to find section 30 of the Data Protection Act 1984, the source of this statutory instrument and the order that was introduced in 1987 and which this one amends. The House would do well to remember why we have to have such statutory instruments. Section 30(1) of the 1984 Act, which comes under part IV headed Regulation of financial services etc", states: Personal data held for the purpose of discharging statutory fuctions to which this section applies are exempt from the subject access provisions in any case in which the application of those provisions to the data would be likely to prejudice the proper discharge of those functions. That is the source of all our problems about data protection, the order that is before the House and the one that was introduced in 1987. Section 30 (2) of the 1984 Act states: This section applies to any functions designated for the purposes of this section by an order made by the Secretary of State,". When the Home Secretary framed the Data Protection Act, I do not think that he had any idea of the number and scope of the statutory instruments that it would require.

I went to the Library earlier today to look up the Data Protection (Regulation of Financial Services etc.) (Subject Access Exemption) Order 1987 which this statutory instrument amends. I should like to make an urgent plea for the convenience of all hon. Members. The Library staff are quite expert at looking up references, but it took them a long time to trace the statutory instrument that we are amending. In future when an explanatory memorandum to a statutory instrument is brought before the House, it should have upon it the number of the statutory instrument to which it refers. My hon. Friend the Member for Richmond and Barnes (Mr. Hanley) will support that plea.

Mr. Hanley

My hon. Friend and I were in the Library together trying to find the references. Does my hon. Friend agree that the Vote Office should have copies of the primary legislation at least on the day that an order is discussed? My hon. Friend and I were both in the Vote Office today and, as he knows, there was no copy of the Companies Act 1989 or the Companies Act 1985.

They are large volumes of weighty legislation, but surely two or three copies of the primary Act should be available so that we can refer to them before discussing such important issues.

Mr. Brown

My hon. Friend makes a valid point. He and I were reduced to photocopying the relevant extracts of the primary Act.

We are amending a statutory instrument that has about 12 pages and discussing an order to amend one line on one page. Will there be other statutory instruments to take up the time of the House to amend that statutory instrument of 1987?

Mr. Bob Cryer (Bradford, South)

I am pleased to note the hon. Gentleman's new-found and unprecedented interest in statutory instruments. Some of us have been examining them for much longer than the hon. Gentleman. Did he vote for or against the primary legislation which gives powers to the Secretary of State?

Mr. Brown

The hon. Gentleman is right to ask that question, because he was not in the House between 1983 and 1987. He and other hon. Members will know that I have frequently taken an interest, as the hon. Gentleman has done, in secondary legislation. I do not know whether the hon. Gentleman serves on Standing Committees, but whenever I do so, I invariably raise points—sometimes to the chagrin of the Whip—regarding any clauses that—

Madam Deputy Speaker

Order. The hon. Gentleman makes a great defence for himself, but perhaps he will return to the subject of the order.

Mr. Brown

The order makes an important amendment to a comprehensive statutory instrument. I ask my hon. Friend the Minister to ensure in future that when the House is asked to amend data protection legislation, the resultant measure is consolidated into one Act of Parliament.

9.50 pm
Mr. Randall

With the leave of the House, Madam Deputy Speaker. The debate has been most interesting. The order is complex and badly drafted, but our debate was fundamental to the freedoms of the people of this country, and to ensuring that our institutions operate effectively and efficiently in wiping out corruption arid malpractice wherever possible.

The essence of the debate has been the balance between protecting civil liberties and the freedom of individuals to see files about them, and at times restricting availability to information, to ensure that proper investigations into corruption can be undertaken.

I hope that, whenever we review the Data Protection Act 1984, those principles will be kept in the forefront of our minds.

9.52 pm
Mr. Peter Lloyd

The debate has been thorough and exhaustive, and the most pertinent intervention was made by you, Madam Deputy Speaker, when you said that the scope of the order is extremely narrow. So it is. I sympathise with the hon. Member for Kingston upon Hull, West (Mr. Randall), who referred to the complicated nature of the matter and sought an explanatory memorandum. That request was made by other hon. Members on both sides of the House. Having read the order myself, I understand the point that they make.

Mr. Hanley

I am sorry to disagree with my hon. Friend, but although the order may be narrow in scope, as he says, does he not agree that it is extremely wide in its effect and has international implications? The measure is not so narrow as to be unimportant, but is wide enough to be extremely vital to the protection of investors in this country and worldwide.

Mr. Lloyd

I did not say that the order is not important, for I agree with my hon. Friend that it is. However, the changes that it makes are relatively narrow in scope, even though they provide a very necessary additional opportunity for my right hon. and learned Friend the Home Secretary to use his powers to combat malpractice.

It was clear that the hon. Member for Kingston upon Hull, West was asking not so much for an explanatory memorandum on the order as for the Data Protection Act 1984, and the Data Protection (Regulation of Finance Services etc.) (Subject Access Exemption) (Amendment) Order 1987 to be brought into line with the Companies Act 1989, which made it necessary to change some of the 1987 order.

The order does not extend the list of categories of information that may be withheld. Many hon. Members have the impression that it does. If it did that, I would have followed their argument. The order changes only one part of the 1984 Act, and that was identified by the hon. Member for Kingston upon Hull, West as part II, paragraph 5. I shall return to that in a few moments.

The balance of the law under these orders is very clear, and was set by the principal legislation, which it is not our place to discuss this evening, as it was exhaustively discussed at the time.

My hon. Friend the Member for Epping Forest (Mr. Norris), who is not with us at the moment, was on the Committee which considered the Data Protection Act 1984, and I suspect that he has the advantage over most of us, with the exception of my hon. Friend the deputy Patronage Secretary, who was also a member of the Committee.

Mr. Michael Brown

My hon. Friend rightly draws the House's attention to the fact that nothing is changed by what the House does tonight. We are merely tidying up, following the passage of the Companies Act 1989. That is why I strongly believe that now is the time for the powers that be to consolidate everything to do with data protection—the Data Protection Act 1984 and the Companies Act 1989. Is the time not coming when someone should consolidate all the legislation on data protection into one statute?

Mr. Lloyd

Many parts of our legislation could usefully be consolidated, but it is extremely time-consuming for the draftsmen and for the House. I understand the point that my hon. Friend is making, but I cannot promise that consolidation can be carried out at an early date.

I disagree when my hon. Friend says that the Order is merely tidying up. It is consequential on the legislation, and it does two important things. First, it makes it possible for my right hon. and learned Friend the Home Secretary to call experts, apart from officials in his Department, to investigate certain data. That is only sensible because the complexity, particularly in financial matters, is so great that one needs to call those people with special knowledge to assist—whether they are accountants, specialist lawyers or people with experience of banking. All those people will be bound by the rules of secrecy, and they will be operating on his behalf, seeking information and understanding so that the Home Secretary may use it for the purposes determined by the Act.

The second important thing that the Order will do is to enable the Home Secretary to make the information available to overseas regulators who have signed the convention, when he believes that it will be in the interests of uncovering malpractice. He does not have to supply the information, but he may decide to do so, and it is very much in our interests that we supply information to help investigators of fraud and malpractice by overseas officials who have powers in that area. It is also very much in our interests to receive such information in return.

My hon. Friend the Member for Bournemouth, West (Mr. Butterfill) was right to draw our attention to Barlow Clowes, because that is a good example of alleged fraud or irregularity transcending international boundaries. In that case, it was necessary to be able to exchange information across frontiers, and it was a pity that we were not able to do that earlier. Some of the difficulties that investors have suffered might then have been avoided.

The hon. Member for Kingston upon Hull, West was extremely worried that what might be acceptable in general might be oppressive in practice. I remind him that the registrar is there and is required under the Act to keep an eye on the way in which the provisions are implemented and to make an annual report to Parliament.

I said that I would return to the question of advertising in paragraph 5 of the schedule. The provision now covers details of advertisements, particularly in unlisted securities where fraudulent claims may be the start of a malpractice that needs to be followed up. The order extends slightly the amount of information that may be withheld in such circumstances. I doubt whether the hon. Gentleman would want to avoid that. The Labour party usually emphasises that fraud in the City and in business should be pursued actively and hard, and I am sure that he would not want to deny the correct authorities powers to do that.

My hon. Friend the Member for Epping Forest, who served on the Committee, wondered about the additional expertise—a point that I have mentioned. He talked about codes of practice. The codes of practice referred to in the order enable the Home Secretary to give guidance and indications to a primary regulator, such as the Securities and Investments Board, on how to conduct itself in the matter of the information that may be withheld. The order does not extend this information but gives guidance that is necessary to ensure that it may be obtained and used for the proper purposes.

Let me answer the questions of the hon. Member for Leyton (Mr. Cohen). I have explained that the order does not extend any of the items of information that can be withheld, except in the small area that I have outlined. The hon. Gentleman wanted the information that may be withheld set out clearly, but then went on to complain that it was set out extremely clearly and in great detail. The hon. Gentleman cannot have it both ways. I agree with him that, when the information is set out in great detail so that one can see precisely what categories are included, there is quite a lot to get through, but that is part of the openness for which the hon. Gentleman called. He asked whether the registrar was content with the order: he was consulted and was certainly content.

I think that I have replied to most of the questions asked by my hon. Friend the Member for Bournemouth, West, who wanted to ensure that the philosophical approach was sensible and balanced, and I believe that it is. The basic philosophy is contained in the original Acts, which were exhaustively debated.

The hon. Member for Linlithgow (Mr. Dalyell) referred to several questions that he has tabled to Home Office Ministers. I cannot add to the answers that we gave him at the time, but I am glad that he is determined to chase us to ensure that information—especially relating to DNA and other means of identifying and getting to the root of particular sorts of crime—is thoroughly used and pursued. He is right in that. We are aware of what the hon. Gentleman seeks, and we agree with him, but I hope that he will accept that this is a complex matter and that discussions need to be carried through to ensure not merely that we make the best use of that avenue of information but that we make use of it in such a way that it does not impinge unnecessarily and in an unwarranted manner on the rights of individuals.

Mr. Dalyell

I realise that this is a complex matter, but I should not have thought that it would take six weeks to provide an answer to the question. Does the Home Office accept that it has a responsibility to make a fairly early statement on the report by Gordon Wasserman—one o its senior officials—on related forensic issues? The sooner that happens, the better it will be for forensic science. Some of us recognise that there are real difficulties over recruiting forensic scientists. The Government ought to pay regard to that problem.

Mr. Lloyd

I understand the hon. Gentleman's paint, but it is not a matter on which I ought to comment this evening.

It is a narrow order. It makes three changes that are, I believe, uncontroversial. Many questions have been asked and suspicions about the original legislation have been aroused. However, suspicions have not been aroused about the three changes that the order makes. Therefore, I happily commend it to the House.

Question put and agreed to.

Resolved, That the draft Data Protection (Regulation of Financial Services etc.) (Subject Access Exemption) (Amendment) Order 1990, which was laid before this House on 30th January, be approved.

    1. c752
    2. ANIMAL WASTE 50 words
    1. c752
    2. HILL LIVESTOCK 22 words