Email this page to a friend

Gimbert Petition

IN TYNWALD 7th July 2008

To the Honourable Members of Tynwald Court

The Humble Petition of Rodger Gimbert, 30 Derby Road, Peel, IM51HP
 

Sheweth that Isle of Man Government and Civil Service departments routinely transfer data, including that which may be both sensitive and personal, to Government departments in the United Kingdom and other jurisdictions. However, in 2007 Her Majesty's Revenue and Customs (HMRC) lost the confidential details of twenty five million child benefit recipients, including bank and building society details, National Insurance numbers, addresses and child records. Widespread public concern over this disaster lead to the Poynter Review published on 25th June 2008. This report prefaces that 'The loss was entirely avoidable and the fact that it could happen points to serious institutional deficiencies at HMRC.' and states (page 37) that 'Large amounts of data are transferred both within HMRC and to external government bodies with insufficient regard to risk and security'.

The widespread cultural failings exposed at HMRC may well feature in other UK Government departments which handle data transferred from the Isle of Man. The UK Information Commissioners Office (lCO) press release on this matter, also dated 25th June 2008, refers to 'deplorable failures’ and states that HMRC breached Data Protection requirements and will be served with a formal enforcement notice.

Whilst concerns about data losses in the UK have been raised in Tynwald there has been insufficient discussion for Tynwald to make a determination .about how to properly protect Isle of Man residents from all the urgent issues arising from the risk of the loss of our data when it is transferred outside the Isle of Man.

There is also the issue of how data transferred to other jurisdictions may be misused.

The 8th June 2008 House of Commons Home Affairs Committee report 'A Surveillance Society?' noted the great public concern caused by the HMRC data loss and referred to the UK Information Commissioners 2006 'Report on the Surveillance Society' which refers to the many new data collection and surveillance practices created by the UK since Tynwald passed the Data Protection Act 2002. The Home Affairs Committee report summarised that 'Mistakes in or misuse of databases can cause substantial practical harm to individuals - particularly those who have little awareness of or control over how their information is used.’. Data transferred outside the Isle of Man that is lost, misused or transferred elsewhere creates unknown risks. The Home Affairs Committee further summarised that the UK Government should now acknowledge the fact that loss of privacy through excessive surveillance erodes trust and changes the relationship between citizen and state. The Home Affairs Committee concluded (page 101 para 16) 'that the longer information is retained, the more likely it is that the information will become inaccurate' and that (page 102 para 18) 'Any increase in the collection and storage of information increases the risk that security will be breached and that the information will be used for purposes other than those for which it was collected'. Additionally the 11TH June 2008 House of Lords European Union Committee Report into the Passenger Name Record (PNR) Framework Decision heavily criticises the current EU initiative to require all member States to collect Passenger Name Record data for sharing across the EU for unspecified purposes in addition to fighting terrorism and organised crime. There is, therefore, a risk of intrusive surveillance resulting from excessive and inappropriate data collection particularly by the UK government, its agencies and other jurisdictions.

Therefore, to protect the Isle of Man and its residents from both the risks of data loss and any form of unknown or constant surveillance, Tynwald must know what data is being transferred from the Isle of Man to other jurisdictions and why. Tynwald must further be assured that data being transferred outside the Isle of Man is for necessary purposes and is safeguarded and ring-fenced. All the Principles of the Isle of Man Data Protection Act 2002 must apply in every instance with the First Principle of sensitive personal data being rigorously applied such that the conditions in Schedule 2 and Schedule 3 are met. Tynwald should take note of the Second Principle being the 'purpose for which data are obtained and processed', the Fifth Principle being the 'time for keeping data' the Seventh Principle 'measures against misuse and loss of the data’ and the Eighth Principle 'transfer of data abroad'.

WHEREFORE Your petitioner prays that Tynwald without delay appoint a Select Committee to establish what data on Manx Residents is being transferred to United Kingdom Government departments and other jurisdictions from Isle of Man Government and Civil Service departments. And that, in the light of the data loss by Her Majesty's Revenue and Customs, the Select Committee recommends the measures Tynwald must put in place on behalf of all Manx residents to minimise the amount of data transferred. And further that the Select Committee recommends the measures Tynwald must put in place to safeguard all transferred data against the risk of any loss and misuse arising in the United Kingdom or other jurisdictions.

And your Petitioner will ever pray etc.

Rodger Gimbert

[Steam Packet User Agmt] [Webcasts] [Consultation] [Weasel Words] [Braddan Hearing] [Depositor Compensation] [Duffy Petition] [Gimbert  Petition] [Energy Policy] [Gawnes Green Vision]