Similarly s119 of the Act purports to empower the Secretary of State to disclose information collected for social security purposes to "any civil servant or other person". It is our view here that such "other person" must be in the same position as a civil servant and cannot be an employee of a private company contracted to supply Connexions services.
Whilst this might in normal circumstances not be a matter for you to consider, we believe that it is highly relevant to the way in which Connexions is being run as it has become apparent that, certainly at a local level, the scheme is being administered by various private companies. We are concerned that information may be being shared under the guise of the Connexions scheme with people who are not entitled to receive it.
Those who are permitted by the LSA 2000 to share information are set out in s120(2) of the Act. As we construe that section, information about a young person may only be shared by and between local authorities, Health Authorities, the Learning and Skills Council for England, chief officers of police, probation committees, youth offending teams and Primary Care Trusts and no other "persons and bodies". However, it seems to us that it is contemplated by the scheme that the data will be shared much more widely. We are concerned that the sharing of data with private companies and sub-contractors selected by them exceeds the powers granted by the Act.
In any event, we do not believe that data subjects are sufficiently informed about who is accessing the data they provide and that the data is shared in ever widening circles without further reference back to the data subject. This is all the more important in our view as the data subjects can be as young as 13.
Many companies involved in the provision of Connexions services also operate recruitment agencies and management consultancies. We can see grey areas where there will be conflicts of interest which will arise when a Connexions service is both advising young people as to career and employment choices, and simultaneously being paid by a company to pre?select staff. We have checked the registrations maintained under the Data Protection Act for these companies and we are alarmed to see just how many classes of data those involved in Connexions can collect, and the large number of people with whom it can be shared.
We do not believe that data subjects are made sufficiently aware of this, and are concerned that they might not understand fully the potential for conflicts of interest, be able to discover whether they exist or ensure that adequate and public procedures are in place to prevent them occurring.
Under the provisions of the Data Protection Act consent cannot be inferred from inaction. Section 117(2) LSA 2000 conflicts with this as it requires action to be taken to prevent disclosure. It seems to us that the provisions of the DPA should prevail and we would welcome your view upon this.
In addition to each Connexions partnership being required to maintain its own database, it is also required to share the information it has with any other agency involved in the delivery of the Connexions service. Indeed, a 'Connexions partner's' participation in and funding by the Connexions service is conditional upon their willingness to share information. Whilst the DfES has now stated that consents must be obtained from data subjects, we are concerned that the connection between sharing and funding may well affect the way in which partnerships elicit such consents as they might obtain from young people supplying their personal details.
Those documents and websites which we have seen simply ask whether the data subject minds having their information supplied to "third parties"; it does not say who they might be, nor for what purpose the information supplied will be used by the partnership requesting it, let alone any third party. It does not seem to us that this complies with the fair processing code.
For example, on the Connexions Card site: http://www.connexionscard.com/mainsite/data.htm the question "How will my data be used?" is answered completely inadequately by the statement "You will have the right under the Data Protection Act to opt out of receiving further communications and to withdraw permission for details to be passed onto third parties. You can call our helpline on 0808 172 3333 if you change your mind at any time." This affords no explanation of how the information gathered will be used by Capita, let alone by anyone else with whom Capita decides to share it.
An article based upon an interview with Capita appeared in the Times Educational Supplement and it was reported that Capita admitted that it was using information collected from those applying for, and using the Connexions Card, to compile customer profiles and as a marketing tool. This purpose is not disclosed to data subjects, indeed young people at school, in our view, would not expect the information they supply to be used for commercial purposes; if it is deemed morally acceptable that this should be allowed, then at least there should be clear statements to that effect.
Young people will be encouraged to apply for a Connexions Card both directly and because of the advertised benefits of doing so: they can use the cards to purchase discounted services and other "rewards". Personal information is required to be given when young people apply for a card. The TES article also reported that it was conceded by Capita that if the data subjects are not prepared to disclose the information sought on application for a Connexions Card, they will put at risk their access to any discounts. The entire article can be viewed at: http://www.tes.co.uk/search/search_display.asp?section=Archive&sub_section=Further+education&id=350641&Type=0