ContactPoint, the national database of all children in England, will always face data security threats because “risk can only be managed, not eliminated”, a review of security procedures by the consultancy firm Deloitte has found.
Although the independent review did not identify significant weaknesses in the data security controls, it did find a number of minor failings over how management was using the local data quality tool.
“While the ContactPoint team can design strong controls into the system and provide good advice to connecting organisations, there is a limit to their ability to enforce good practice or to monitor incidents and control breakdowns,” the review said.
It recommended the Department for Children Schools and Families conduct government-wide security initiatives to “maintain and enhance” roles, responsibilities and accountability for the system.
ContactPoint, one of the outcomes of the Every Child Matters programme, sets out to improve information sharing between agencies by holding basic information on all children.
This will include identifying information, contact details for schools, GPs or other services, and will indicate whether a practitioner or service is assessing that child, but it will not hold any case information.
Richard Stiff, director of children’s services at North Lincolnshire Council and Association of Directors of Children’s Services member, described ContactPoint as a “necessary and powerful tool” and said there was a “critical need” for a system to help agencies work together to avoid tragic deaths.
Stiff said: “The report has not exposed any fundamental problems. The recommendations do not present any insurmountable issues for local authority users.”
Although the government has not published the full report because of security risks, Kevin Brennan the parliamentary under-secretary of state for children, young people and families, confirmed last week that the government had accepted all of Deloitte’s recommendations and would ensure that “security is ingrained in all aspects of the ContactPoint Project team’s work”.
In response to the review, Dame Mary Marsh, NSPCC director and chief executive, said: “Better information-sharing among statutory and voluntary agencies plays a vital role in keeping children safe and ensuring they receive the help and support they need.”