The UK Minister for Education, Michael Gove, today stated in Parliament that he would be moving forward his plans to open up the National Pupil Database, and announced a government consultation on the initiative. The Minister promised that "all requests to access extracts of data would go through a robust approval process and successful organisations would be subject to strict terms and conditions covering their handling and use of the data, including having appropriate security arrangements in place."
This so-called "robust approvals process" is closed and non-transparent, with undetermined 'strict terms and conditions', nor do we have any confidence that the Department of Education has any understanding of the challenges of releasing 'anonymous' data. Today we filed a Freedom of Informatino request asking for more information (available here
PI has previously investigated the conduct of the Department of Education (DfE). This past summer the DfE ran an open data event that was supposedly using 'anonymised data'. At this event one participant, a teenager, was able to identify himself by knowing what GCSEs he did. After that, we asked the DfE to comment on the privacy concerns we raised -- their reassurances were bland, and troubling
The DfE have not adequately considered the challenges of effective 'anonymisation', let alone considered a formal disclosure control process. It is easy to remove names and addresses of students from a dataset, but as these rich datasets consist of information on students over a 14-year period (it runs from ages ~4 to ~18), it becomes much easier to re-identify individuals.
We'll write more next week on the background to this initiative, our concerns about how the UK government is corrupting the open data movement by releasing personal information, and how things can go wrong.