By Dr Chris Baldwin, Senior Lecturer in Law
On 15 January 2021, The Times broke the news that a ‘human error’ had resulted in the deletion of 150,000 pieces of criminality data on the Police National Computer. The story quickly escalated and within days there were reports of up to 400,000 records having been deleted, accompanied by complaints that the data loss would result in an increased risk to public safety.
There is a depressing familiarity to all of this. The police, in collaboration with the Home Office, have been collating data about criminal offences and offenders in England since 1869. By 1970 the Criminal Record Office filled two whole floors of Scotland Yard with two million paper files filled with criminality data.
Advances in technology have allowed the police to build several enormous computerised repositories. There is the National DNA Database (NDNAD), which holds the DNA samples of some five and half million individuals. IDENT1 is a national fingerprint database holding some eight million or so individual records and over two million crime scene records.
Fingerprints and DNA samples are worthless if they cannot be linked to an individual (or individuals). The police therefore have a Police National Database (PND); a centralised system sharing local police records with other police forces. The PND is intended to prevent ‘another Soham’ – referring to the high-profile abduction and murder of Holly Wells and Jessica Chapman by Ian Huntley - and contains ‘police intelligence’ and custody photographs.
The fourth, and oldest, police criminality database is the Police National Computer (PNC). It went online on 1 April 1974 – and was originally little more than a repository of vehicle registration details, reports on missing persons and photographs of fingerprint records. Criminal convictions weren’t uploaded until 1985 and it wasn’t until May 1995 that all ‘criminal records’ were intended for computerisation onto the ‘Police Home Office Extended Names Index’, or PHOENIX, database.
PHOENIX is where all ‘Penalty Notices for Disorder’, cautions, warnings, reprimands and convictions listed against named individuals are recorded. They also list other police contacts, such as arrests, ‘no further action’ disposals (NFA), charges and acquittals. Such information does not result in either an admission of guilt or a court conviction. This data is ‘recorded’ and can be used as evidence of a person’s ‘bad character’ in a criminal trial and can be disclosed as part of an Enhanced DBS check at the discretion of a chief police officer. It is also precisely the information which is currently being reported as ‘missing criminal records'.
Information relating to the PND and the PNC is almost impossible to find. It is usually only possible to obtain information by using Freedom of Information requests or by trying to piece together rare public statements regarding the systems. One such request confirms that there are around 12 million records held on PNC/PHOENIX.
This secrecy makes the statement made by the Minister for Policing on the current situation especially instructive. The minister claimed initially that ‘213,000 offence records, 175,000 arrest records and 15,000 person records’ had been deleted. Yet, later in his statement, he answered a question about the nature of the deleted data by stating that only NFA disposals had been expunged. These appear to be contradictory positions. NFA’s are extremely unlikely to relate to the 213,000 ‘offence records’. The likelihood is that 213,000 cautions, warnings, reprimands or convictions have been deleted.
Should we be concerned for public safety?
Should the public be concerned? The Home Office insists that no information relating to ‘serious criminals’ has been deleted, without clarifying what has been deleted or what a ‘serious criminal’ is. The deletion of any criminal conviction data would certainly have important ramifications on decisions on charging, bail and sentencing. Such data plays an important part of these processes.
The impact on everyday policing is probably far smaller. The minister was unable or unwilling to confirm the claims that around 56,000 DNA and fingerprint profiles were deleted. It is easy to envisage how that might detrimentally impact police investigations.
However, despite consistent claims from chief officers, no convincing evidence has ever been offered to explain just how a computerised list of criminal convictions help to prevent or detect crime. The quality of data is key here, especially in respect of old, inactive, minor records: really, how can a 20-year-old caution for shop theft contribute to operational policing?
The ‘public safety’ argument in favour of retaining lengthy records of minor convictions and police contacts has never been strong. Despite some inevitable scaremongering, the reality is that it is extremely unlikely that serious offenders will be free to commit offences as a result of this data loss and that it probably makes no marked difference in the police’s ability to prevent such offences.
Data protection breach
The police, in deleting 400,000 records, are in breach of data protection law. Per section 38 of the Data Protection Act 2018, the police have a legal obligation to ensure that their records are ‘accurate and up to date’. Records which are incomplete because a ‘coding error’ resulted in records being erroneously deleted are clearly neither ‘accurate’ nor ‘up-to-date’.
Unfortunately, this is not the first time records have suffered from inaccuracy problems. Convening an investigation after anecdotal evidence pointed towards problems with the criminal records over a decade and more, in 1990 a Parliamentary Scrutiny Committee described the national collection of records to be in a ‘very unsatisfactory state’.
The situation was so bad by 2000 that an official inspection was convened to review PHOENIX data. The report was damning. It was left to the Home Secretary to tell MPs that: ‘the police records system is seriously inadequate. It is a very bad state of affairs’. The situation came to a head at Soham, where poorly maintained, incomplete and inaccurate records allowed Ian Huntley to obtain a ‘clean’ criminal record check despite having had nine previous police contacts in two force areas, including arrests.
‘Weeding’ of criminal records
The most interesting revelation in all of this is that the police are actively deleting, or ‘weeding’, criminal records. For years, the police liaised with the Information Commissioner to draft policies for the deletion of old, criminal records. The policies changed during the 1990’s and early 2000’s but it was Soham that shifted the landscape. The result was a revised policy which proposed ending ‘weeding’ in favour of retaining all data until the subject was aged 100 years old.
That seemed to be the end of the matter. However, it now emerges that engineers have been installing a ‘weeding code’ into the PNC. This code is intended to run on a weekly basis to remove NFA and other ‘event history’ information. There has been no public announcement of this new approach.
The re-implementation of a weeding policy is very welcome. It brings England into line with most other western democracies. It recognises the fundamental right of people to be considered innocent until proven guilty. It will reduce the extremely damaging use of such data in DBS certificates, which have resulted in many people struggling to find work because they don’t have a ‘clean record’. There is much scaremongering in respect of the deletion of this data. That is likely to prove ill-founded. Despite some press coverage noting that (arguably too) many domestic violence investigations have resulted in NFA disposals, it seems highly unlikely that the police will be weeding this data. A clear statement clarifying precisely what is being deleted under this new ‘weeding procedure’ could allay such fears.
What is clear is that this story is far from complete and it is not clear what will happen next. Much remains unanswered. Can the data be retrieved, and, if it can, should it? Where does this leave the ‘weeding’ policy? Will it now be amended, or even abandoned? And will these issues be discussed in public, rather than in the secrecy which usually shrouds police data systems?
It will certainly be interesting to see how things develop in the coming weeks and months.
Published: 2 March 2021