Identity cards may be
history for British citizens - but what about all the personal details
collected by the government and stored on its national identity
Anyone who imagined it would simply be a case of an official somewhere hitting delete is in for a rude awakening.
The Home Office is seemingly planning an orgy of destruction,
as expensive and barely-used equipment is removed from offices and
destroyed - all in accordance with government guidelines on recycling,
A document from the Identity and Passport Service details the
meticulous steps that will be taken to wipe the ID register from the
face of the earth, once the Identity Documents Bill has received Royal
Assent, expected before the end of the year.
It reads like a toxic waste disposal log, as any machine that
has ever come into contact with the personal details contained on the
database is either cleansed of its contents or fed into the shredder.
It would, of course, be a public relations disaster for the
government if any of the data fell into the wrong hands - as well as a
potential security threat for those on the register.
Nobody wants a repeat of the HM Revenue and Customs lost discs fiasco.
Which is why Home Secretary Theresa May has ordered the
equipment that held the data to be physically destroyed, rather than
simply wiped clean.
The document reveals that recently purchased systems for
collecting fingerprints and biographical information from ID card
applicants is to be removed from four passport offices in the areas
where the ill-fated ID scheme was being trialled - in London,
Manchester, Liverpool and Blackburn - and "disassembled".
Similar equipment at London City Airport and Manchester
Airport, where trials of the scheme took place with airside workers, has
already been removed.
Destruction of this equipment might have been avoided if the
data it collected had been stored centrally as it was meant to be. But
there is evidence that some was accidentally stored locally, the
document reveals, so off to the dump it must go.
Any data collected by the Home Office's "early interest"
website, where people could put down their name for an ID card, will
also be physically destroyed, the document reveals.
But 200 computer terminals in five "back offices", where
officials processed applications and ran background checks, will be
spared the crusher.
Instead, workers will have to "provide file locations of
extracted data" so that the Home Office team can put together an "audit
record of data deletion".
But any paper records at the five offices will be shredded on
site and the company that booked appointments for people applying for a
card, Teleperformance, will have to destroy their spreadsheets.
Anti-ID card campaigners often warned about the dangers of storing
all of the ID data in one place - making it potentially vulnerable to
hacking, only to be assured by ministers from the previous government
that this would not happen.
So it is fascinating to read that there are two separate
locations in the UK where all of the biometric and biographical
information gathered by the ID card scheme is, or has been, stored.
The "core" of the database is held by French defence contractor Thales, at its secure data centre in Doncaster, South Yorkshire.
If you are one of the 15,000 people who applied for an ID
card before the scheme was cancelled, your personal details - name, date
and place of birth, address, signature, fingerprints if you gave them,
photograph, national insurance number, nationality and immigration
status, will be stored here.
But the full database has also been stored by 3M Security
Printing and Systems, in Chadderton, Greater Manchester, which had the
job of manufacturing the ID cards.
All identity database storage media from the Thales and 3M
sites, such as hard disks, back-up tapes and seven different types of
server, will be removed and "physically destroyed by shredding". Network
switches, routers, firewalls and other assorted paraphernalia will be
The Home Office will have to buy some equipment from 3M specifically in order to destroy it.
The document also reveals details of the back-up systems in
place to prevent data loss. Live data from Doncaster is replicated to a
"disaster recovery" facility at Crawley and back-up tapes from both
sites are "taken off site to Wakefield" by American data storage
specialists Iron Mountain.
But, in another twist, the document also reveals that not all
identity data will be destroyed - some will be kept for the purposes of
"This data will then be deleted or stored as necessary to
ensure watch lists are up to date and that the integrity remains in
place for further applications to IPS for travel documents," says the
"Each case will be considered individually before a decision is made whether to retain or delete data," it adds.
And the identity register will, of course, live on for foreign nationals working in the UK.