The rationale behind the imminent birth of the Citizen's Account, and the legal issues involved

The 1st of April 2006 will see the start of the new Scotland-wide free bus scheme for older and disabled people. The significance of this development for solicitors with an interest in data protection lies in the fact that the National Concessionary Transport Scheme is the first scheme which will be administered using the new Scottish entitlement card.

The entitlement card – which will shortly start dropping through the letterboxes of those eligible to receive concessionary travel – contains an electronic chip to hold information and is intended to be used to administer a range of local authority services in addition to the concessionary travel scheme. The entitlement card is the most highly visible outcome from work carried out as part of the Customer First programme.

Customer First and the Citizen’s Account

Customer First is a Scottish Executive-sponsored programme developed in partnership with Scotland’s 32 local authorities. The key objectives are to deliver more convenient and responsive public services; to encourage the takeup of online services; and to ensure that, wherever possible, service requests are dealt with at first point of contact.

Customer First is a large-scale, long-term project and is being led by the Improvement Service. The Improvement Service, constituted as a company limited by guarantee, is a partnership between the Scottish Executive, the Convention of Scottish Local Authorities and the Society of Local Authority Chief Executives in Scotland. It has been established to support continuous improvement by local authorities and its creation reflects the fact that local authorities have, by virtue of section 1 of the Local Government in Scotland Act 2003, a statutory duty to “secure best value”. “Best value” is defined as continuous improvement in the performance of an authority’s functions and this is to be achieved by balancing quality and cost while having regard to efficiency, effectiveness and economy.

Over the last few years many local authorities have invested in creating telephone contact centres to allow the public easier access to information and services. The ability to identify callers accurately and quickly is clearly essential. There is also a need for local authorities to be able to share and exchange information as an increasing number of people lead lives that regularly bring them into contact with more than one authority – for example individuals who live in one area but own property in another area.

To allow for the modernisation of the way public services are delivered, a key element in the Customer First programme is the creation of an electronic customer record – the citizen’s account – for each citizen. The intention is that this will allow the customer to be put first in the design and delivery of services. The citizen’s account will provide a secure method of identifying individuals and facilitating data sharing within the public sector. The creation of the infrastructure necessary for operation of the citizen’s account will make possible data sharing within the public sector on a scale not previously experienced.

Restrictions on data sharing

If a public authority wishes to share data, there are two major considerations which have to be addressed:

(i)    does the authority have the necessary power to engage in data sharing; and

(ii)    does the data sharing comply with the provisions in the Data Protection Act 1998?

In considering whether data sharing is intra vires or ultra vires, local authorities can rely on section 69 of the Local Government (Scotland) Act 1973, which permits them to do anything “which is calculated to facilitate, or is conducive or incidental to, the discharge of any of their functions”. This longstanding general power has been supplemented by provisions in the 2003 Act. Section 15 of that Act contains powers to promote community planning including, in subsection (3), a power allowing local authorities to combine for the purpose of delivering services. Section 20 (1) gives a local authority power to do anything “which it considers is likely to promote or improve the well-being of… its area and persons within that area”.

All those involved in the processing of data will be familiar with the need to comply with the eight data protection principles which are set out in Schedule 1, Part 1 to the Data Protection Act 1998. Of particular relevance in the case of the citizen’s account are the first and second principles, which require that data are processed fairly and lawfully and only obtained for a specified purpose.

The 1998 Act does permit the processing of data if “the processing is necessary… for the exercise of any other functions of a public nature exercised in the public interest by any person”. This provision is contained in paragraph 5(d) of schedule 2 and it could be argued that this allows for the creation of a citizen’s account. However, the requirement that the processing be “necessary” makes it difficult to rely on this provision to justify data sharing. Although the potential advantages deriving from the implementation of a citizen’s account are significant, it is debatable whether these are simply desirable as opposed to being “necessary”. In view of this, the approach which has been adopted to implement the citizen’s account is that the account will be voluntary. The account will only be established with the informed consent of individuals and no service will be withheld if consent is not given.

How the citizen’s account will work

In accordance with the principle of informed consent, individuals applying for the Scotland-wide free bus scheme have been asked to consent to the sharing of certain basic details (their name, gender, address and date of birth) within and between Scottish councils and the Scottish Executive. The purposes for which consent has been asked are to ensure that their personal details are correct wherever they are held, and to identify and administer other public services which they may be eligible to receive.

To allow for the citizen’s account to operate at a Scotland-wide level, it will be necessary to establish a secure and sustainable national data-sharing structure. The national database will contain the basic details referred to above in respect of those individuals who hold or who have held a citizen’s account. The account will act as a gateway to the information already stored in existing public sector databases and will not contain any service-specific information: this will continue to be held by individual authorities. The database will be accessible to all local authorities for the purpose of delivering services, but access will be carefully controlled so that only authorised users can view the data.

Given the size of the database – which, over time, it is hoped will cover the whole population of Scotland – it is essential that all individuals are correctly identified. To ensure that this can be achieved, everybody holding a citizen’s account will be allocated a unique citizen reference number (UCRN).

It is proposed that the UCRN for individuals born in Scotland will be their birth registration number which is allocated by local registrars on behalf of the General Register Office for Scotland. A separate UCRN will be allocated to those individuals who have been born outwith Scotland. To ensure that the Registrar General has the necessary authority to participate in the development of the citizen’s account, a new statutory power is to be introduced.

The Local Electoral Administration and Registration Services (Scotland) Bill, which was introduced to the Scottish Parliament on 19 December 2005, contains provisions in relation to the administration and conduct of local government elections and amends the law in relation to the registration of births and deaths and allied matters. Clause 47 confers power upon the Registrar General to create and maintain “a register of individuals” for the purposes of facilitating the carrying out of the functions of local authorities. The explanatory memorandum published with the bill makes clear that clause 47 is intended, among other things, to empower the Registrar General to assist in the operation of local authority schemes such as the citizen’s account.

Big Brother or best value?

At a time when the UK Government’s plans for a national identity card scheme are attracting fierce criticism, the development of the citizen’s account could be seen by some as an attempt to create an identity card by the “back door”.

On the other hand, in an age when supermarkets find it advantageous to monitor what their customers purchase, is it not desirable that local authorities should have access to an up-to-date list of names and addresses to assist them in providing services?

There is no doubt that the objectives of the Customer First programme to improve the delivery of public services will be assisted with the implementation of the citizen’s account. In addition to improving the quality of service delivery, the citizen’s account will create potential for cost savings and help improve efficiency at a time when there is pressure to reduce expenditure in the public sector. The development of the citizen’s account clearly supports local authorities in their duty to secure best value.

As with most changes producing advantages, there are potential risks. In the case of the citizen’s account, it will be necessary to ensure that the principle of informed consent is maintained and adhered to in connection with data sharing. This may be more difficult to achieve in the future given the increased scope for data sharing which will exist after the proposed national infrastructure becomes operational.

Iain Matheson is Legal Services Manager with Fife Council and has advised the Customer First Programme on the terms of the Data Protection Act, but this article has been written in a personal capacity.

Share this article
Add To Favorites