Established 2005 Registered Charity No. 1110656

Scottish Charity Register No. SC043760

current issue

February – March 2024 : The little things READ ONLINE


Are you on CHAIN?

May 18 2009
‚Äö?Ñ??Even without clients‚Äö?Ñ?¥ consent, you can read previous entries on them‚Äö?Ñ?? ¬¨¬© Rufus Exton ‚Äö?Ñ??Even without clients‚Äö?Ñ?¥ consent, you can read previous entries on them‚Äö?Ñ?? ¬¨¬© Rufus Exton
To consent or not to consent? The Pavement has learned that when it comes to CHAIN (the Combined Homeless and Information Network), some people are included on this system without their agreement CHAIN is a computerised information-sharing database system run by Broadway. The database, accessible to registered users only, holds background information on and personal details of hundreds of vulnerably-housed and homeless people in the UK. The information is passed to a variety of people, from outreach workers to hostels, day centres to the police. It can enable outreach workers to discern exactly which borough is responsible for housing clients, as it will relay their geographical movements since their personal file was opened. The great strength of CHAIN, which has been in existence for around seven years, is it reduces cross-working and confusion, especially when dealing with people who tend to travel over the borough boundaries. However, one part of this process is less straightforward. A vital section in the initial CHAIN detail-giving process asks whether the person gives 'consent', though what the individual is consenting to is unclear. And some users are claiming that despite having refused to give 'consent', some people are still on the database, together with all their personal information. One CHAIN user explains: "On the database, there is a section to indicate if consent was given or not. I first noticed this years ago and was very surprised to see that for some people it boldly stated at the top of their page that they had not given their consent to be included on the database." Another CHAIN user confirmed this claim of misuse. "Even without clients' consent, you can read previous entries on them," the source said. In order for personal information to be legally shared under the Data Protection Act in the UK, consent must be given. The Act itself is based on the recognition of a number of Data Protection Principles, and the Information Commissioner implements those principles through Enforcement Notices. Failure to comply with Data Protection Principles can give rise to criminal penalties such as fines. Ian Shenstone, the information team leader managing CHAIN and its internal monitoring service, claims that 80-90 per cent of the approximate 17,257 clients currently logged onto the CHAIN system have consented to having their information shared. He explained that the three options for workers logging new clients onto CHAIN: written consent, signed by the client; verbal consent, for those who cannot for one reason or another physically sign their consent; and a third type for those deemed too incapacitated or intoxicated to give a balanced judgment at that point in time. "This third action for consent is always considered temporary and we would revisit those criteria when the client is considered more lucid," says Mr Shenstone. But what happens to the background information and personal details of the 10-20 per cent who have refused to give consent? Despite users stating otherwise, Mr Shenstone denies that any violations of the Data Protection Act have occurred: "It is clear when a user signs up for CHAIN that recording information about the client's consent is part of the data entry process. If someone refuses to give consent, their information is erased from the system," he says. "Of course, it is possible that a worker at an agency using CHAIN could ignore this part of the procedure, but we have to leave a certain amount of trust in the agencies. When agencies sign up to CHAIN, they have to sign up to a number of data protection clauses. "If it came to light that malpractice was going on and an agency had used any clients' information inappropriately, then we would have to retract their use of the system immediately. But this has never happened." Regardless of whether or not users of CHAIN have been acting within the law, change may well be on its way. With the recent accidental loss of government tax records and driving licence records, public demand for tougher enforcement action against government authorities who breach the Data Protection Act has strengthened. Unsurprisingly, the question of whether to consent or not to consent to sharing your information holds no simple yes or no answer. "On the whole, the scope and enforcement of the Act are incomplete and patchy," says London-based solicitor, David Glass. "However, one has to weigh the argument for tightening the Data Protection legislation against the public's contradictory interest in arguments for freedom of expression and access to information."