ContactPoint ‘suffers security breaches’
- 20 January 2010
The children’s database ContactPoint has suffered at least three security breaches since its launch, according to an investigation by a national newspaper.
The Daily Telegraph has reported that Freedom of Information Act requests submitted to local authorities already running ContactPoint revealed security breaches in three local authorities last year.
The newspaper said its investigations found that there had been a security breach involving two staff at Westminster County Council.
The was also an incident of “inappropriate behaviour” at East Sussex County Council – where one practitioner shared access information with a colleague who had to yet receive access information – and two incidents at Sheffield County Council that required formal investigation.
However, the Department for Children, Schools and Families said that in the small number of instances where unusual activity had been detected or suspected the local authorities involved immediately investigated and took the correct course of action.
A DCSF spokesperson told EHI Primary Care: “None of these incidents led to data in ContactPoint being compromised, none involved any data being printed or downloaded from ContactPoint, and there is no evidence that any of these instances indicated malicious intent.”
The spokesperson added that the incidents all took place in early 2009 and that in light of them it had further strengthened its training and guidance materials on correct procedures and use of ContactPoint.
The DCSF added: “Security is of paramount importance for ContactPoint and a significant set of measures and controls are in place.
"The use of ContactPoint is monitored and audited at both national and local level. Local authorities and National Partners are responsible for investigating suspected misuse within their area of responsibility. A central DCSF team also reviews use of the system.”
The database holds demographic data for the 11m children in England and was first used by selected professionals in 17 local authorities in the North West from May. In October, the DCSF announced the national roll-out of the database to local authorities across England.
The Conservative and Liberal Democrat parties have both pledged to scrap the database if they win the next general election.
Tim Loughton, shadow children’s minister, told the Daily Telegraph that he believes the security breaches were just the tip of the iceberg.
He added: “Once there are 400,000 users of ContactPoint there will be scope for colossal abuse of the system. ContactPoint is not and cannot be secure."
A parliamentary question tabled by Tim Loughton earlier this month also revealed that between 2 November and 18 December the database was operating without its children missing education (CME) function.
In answer to Loughton’s question, children’s minister Dawn Primarolo said the DCSF had raised an issue with the supplier of the ContactPoint system after a local authority identified that it could no longer access the CME report function.
She added: “The issue was raised using the standard problem resolution process and the functionality was restored on 18 December 2009.”