The current debate between the Department for Work and Pensions (DWP) and local authorities centres around the data sharing memorandum of understanding (MoU), with some councils, particularly in London, refusing to sign and seeking legal advice. On the other hand, other councils perceive the new MoU’s provisions to be reasonable, reflecting the diverse range of attitudes towards this critical matter.
The MoU is designed to limit data use and establish robust security measures to protect it. These stipulations are hardly surprising, considering that a significant portion of this data originates not from the DWP, but Her Majesty’s Revenues and Customs (HMRC).
HMRC has a long history of being reticent about data sharing. Over twenty years ago, they were reluctant to share data with law enforcement or fraud investigation teams, as they perceived it to overstep data protection legislation and confidentiality rules. Despite various laws enacted to facilitate data sharing, HMRC remains a cautious participant, even in cases where data sharing is mandated.
Both central and local governments envision a seamless network of services powered by real-time data sharing. However, public sentiment is quite nuanced. Citizens are amenable to the idea of their data being used for different public administration purposes, but with a catch. They want the usage to benefit them, not lead to their detriment. For instance, people are comfortable with data collected for council tax administration being used for automatic issuance of library cards, leisure cards, or GP registrations. However, the same public feels differently about this data being used for income tax recovery.
A tangible manifestation of public opinion lies in the register of electors, which now offers a permissive data share version accessible to businesses and charities. This version has seen a significant increase in people opting out, from 14.6K in 2013 to 29.1K in 2022, indicating that 68% of voters do not want their electoral data used for credit checking and financial services compliance. Even if that may be to the customers benefit.
Amidst such data-sharing apprehensions, HMRC and DWP are especially cautious about the data shared with local councils. The councils might use it beyond administering council tax support, possibly extending to council tax collection, discretionary financial support, or housing fraud investigation.
The DWP, acting as an intermediary, is equally concerned about how councils will protect and use its data, particularly that collected for other social security benefits. This entire scenario is like a fragile “data house of cards,” capable of collapsing rapidly, to the potential detriment of all parties involved.
The implications are far-reaching. Banks and building societies now demand more proof of address than before, a trend traceable to the introduction of opt-out options in the register of electors in 2013. Furthermore, the EntitledTo organisation estimates that some £15bn of benefits goes unclaimed each year, potentially linked to the fear of “poverty shaming” and concerns about data sharing, leading to claims of fraud or error.
As for the fate of the DWP MoU on data sharing, it is expected to undergo minor amendments to gain approval. However, the department is likely to continue demanding more assurances that shared data will be restricted to its original collection purpose. There is a reluctance for the department to gather further permissions for broader local government uses of which it has no control, as it might deter people from claiming benefits they are entitled to.
Another critical aspect of this conversation involves the risk of cyber-attacks. Both Capita and Equifax have experienced significant data loss due to hackers, while at least eight councils have fallen victim to successful cyber-attacks in the past two years.
Therefore, it is not surprising that the DWP is imposing stricter requirements for a data sharing agreement. However, whether these requirements are reasonable or whether the DWP’s communication about these changes has been effective is another matter entirely and a subject for ongoing debate. The future of public data sharing hinges on how these complex issues are navigated.