How ID card database will be destroyed

By Brian Wheeler
Political reporter, BBC News

image captionComputer breakers are going to be working overtime

Identity cards may be history for British citizens - but what about all the personal details collected by the government and stored on its national identity database?

Anyone who imagined it would simply be a case of an official somewhere hitting delete is in for a rude awakening.

The Home Office is seemingly planning an orgy of destruction, as expensive and barely-used equipment is removed from offices and destroyed - all in accordance with government guidelines on recycling, of course.

A document from the Identity and Passport Service details the meticulous steps that will be taken to wipe the ID register from the face of the earth, once the Identity Documents Bill has received Royal Assent, expected before the end of the year.

It reads like a toxic waste disposal log, as any machine that has ever come into contact with the personal details contained on the database is either cleansed of its contents or fed into the shredder.

It would, of course, be a public relations disaster for the government if any of the data fell into the wrong hands - as well as a potential security threat for those on the register.

Nobody wants a repeat of the HM Revenue and Customs lost discs fiasco.

'Early interest'

Which is why Home Secretary Theresa May has ordered the equipment that held the data to be physically destroyed, rather than simply wiped clean.

The document reveals that recently purchased systems for collecting fingerprints and biographical information from ID card applicants is to be removed from four passport offices in the areas where the ill-fated ID scheme was being trialled - in London, Manchester, Liverpool and Blackburn - and "disassembled".

Similar equipment at London City Airport and Manchester Airport, where trials of the scheme took place with airside workers, has already been removed.

Destruction of this equipment might have been avoided if the data it collected had been stored centrally as it was meant to be. But there is evidence that some was accidentally stored locally, the document reveals, so off to the dump it must go.

Any data collected by the Home Office's "early interest" website, where people could put down their name for an ID card, will also be physically destroyed, the document reveals.

But 200 computer terminals in five "back offices", where officials processed applications and ran background checks, will be spared the crusher.

Instead, workers will have to "provide file locations of extracted data" so that the Home Office team can put together an "audit record of data deletion".


But any paper records at the five offices will be shredded on site and the company that booked appointments for people applying for a card, Teleperformance, will have to destroy their spreadsheets.

image captionThe identity database will live on for foreign nationals in the UK

Anti-ID card campaigners often warned about the dangers of storing all of the ID data in one place - making it potentially vulnerable to hacking, only to be assured by ministers from the previous government that this would not happen.

So it is fascinating to read that there are two separate locations in the UK where all of the biometric and biographical information gathered by the ID card scheme is, or has been, stored.

The "core" of the database is held by French defence contractor Thales, at its secure data centre in Doncaster, South Yorkshire.

If you are one of the 15,000 people who applied for an ID card before the scheme was cancelled, your personal details - name, date and place of birth, address, signature, fingerprints if you gave them, photograph, national insurance number, nationality and immigration status, will be stored here.

But the full database has also been stored by 3M Security Printing and Systems, in Chadderton, Greater Manchester, which had the job of manufacturing the ID cards.

'Disaster recovery'

All identity database storage media from the Thales and 3M sites, such as hard disks, back-up tapes and seven different types of server, will be removed and "physically destroyed by shredding". Network switches, routers, firewalls and other assorted paraphernalia will be spared.

The Home Office will have to buy some equipment from 3M specifically in order to destroy it.

The document also reveals details of the back-up systems in place to prevent data loss. Live data from Doncaster is replicated to a "disaster recovery" facility at Crawley and back-up tapes from both sites are "taken off site to Wakefield" by American data storage specialists Iron Mountain.

But, in another twist, the document also reveals that not all identity data will be destroyed - some will be kept for the purposes of investigating fraud.

"This data will then be deleted or stored as necessary to ensure watch lists are up to date and that the integrity remains in place for further applications to IPS for travel documents," says the document.

"Each case will be considered individually before a decision is made whether to retain or delete data," it adds.

And the identity register will, of course, live on for foreign nationals working in the UK.

More on this story

Related Internet Links

The BBC is not responsible for the content of external sites.