The National Policing Improvement Agency today publishes a code which governs the use of a new intelligence system that, in effect, implements some of the main recommendations of the Bichard inquiry into the murders of schoolgirls Holly Wells and Jessica Chapman.
The new Police National Database is due to be launched later this year. It should, for the first time, allow forces across England, Wales, Scotland and Northern Ireland to share, access and search existing local intelligence and operational information on a national basis.
A lack of data sharing was blamed, in part, for preventing the employment as a school caretaker of Ian Huntley who was convicted of the so-called Soham murders.
Huntley had been accused of sexual offences before he took the job at the Soham school but two police forces failed to spot the allegations when he was vetted for the position.
The report by Sir Michael Bichard said:
"An IT system capable of allowing police intelligence to be shared nationally is a priority.Now a statutory Code of Practice has been laid before Parliament. It's designed to ensure the consistent and lawful use of the Police National Database [PND] across the Police Service and is one of a series of measures to guard against misuse of the new system, sitting alongside role-based access controls and individual user security checks.
"This recognition has not, however, always been matched by effective action. Nationally, the picture is disappointing. Although the need for a national intelligence IT capability has been recognised for at least a decade, I find that very little progress has been made."
The PND is aimed at the protection of the public in three main areas:
- children and vulnerable people
- reducing the risk of terrorist activity
- disrupting and preventing major, serious and organised crime.
A report commissioned by the Joseph Rowntree Reform Trust said that the Police National Database will hold information suspects, victims, witnesses, objects, locations and events. Forces will be able to share text, images, files, maps, video and audio.
Will rumour and suspicions on the PND taint the innocent?
The new system is for intelligence - not specifically for the purposes of gathering evidence for a court case.
One of the challenges for police will be including on the system suspicions and rumour which could detect a potential Huntley, but which would not unwittingly incriminate the innocent, or inaccurately impugn their reputations.
There is little in the code of practice on this subject.
Users of social services systems have a similar challenge when deciding what information to put on databases. To what extent do they include unproven allegations, perhaps from a disgruntled neighbour?
The PND code does makes it clear that officers will be able to request that others use the system on their behalf, though only in a lawful way.
Home Office Minister for Identity, Meg Hillier MP, said: "When the PND is delivered later this year it will provide forces with a powerful new tool to fight crime and protect the most vulnerable in society.
"But it is vital that forces use this new information-sharing capability in a consistent and lawful way and for policing purposes only. The Code of Practice will enshrine these principles across the Police Service."
The PND forms part of the NPIA's IMPACT IT-enabled change programme, which was established in 2005.
The IMPACT Nominal Index has been an interim information-sharing system which allows forces to see if information on a suspect is held by another force. An enquiry must be then made to the force in question to find out what that information is. The PND will allow this information to be shared instantly.
Forces will start to load data onto the PND in May this year and will start to use it in the autumn.
What the Code of Practice says:
These are some of the points in the new Code of Practice:
- Each chief officer, usually the Chief Constable, is a data controller, in common with all other chief officers, for the personal information held on the system. As such, all chief officers share the responsibilities of data controllers set out in the Data Protection Act 1998.
- The PND is to be used solely for policing purposes:
a) protecting life and property;
b) preserving order;
c) preventing the commission of offences;
d) bringing offenders to justice; and
e) any duty or responsibility of the police arising from common or statute law.
- Chief officers should prioritise the use of the PND accordingly but are free to use the
PND for all policing purposes.
- Whilst the code of practice and accompanying guidance provide advice, it is the responsibility of chief officers to decide what information to place on the
system, what information to withhold from the system, and what restrictions to apply
on access to and use of the information, and to accept the risks of any such decisions.
Similarly, chief officers are responsible for how information on the PND is used by
- The PND is an intelligence data-handling system rather than an evidential system; it is a repository for copies of records which are held locally by forces: should PND
information be required for evidential purposes it will be necessary to obtain the
original information from the data provider.
- Chief officers should be as open and transparent as possible about the information
held on the PND and how it is used. It should be made clear that information gathered
by forces may be placed on a national system and shared with other forces and other
law enforcement bodies.
- A policy for the use of the PND must be applied within each police force.
- Where information is exported from the PND to conduct analysis and it is not necessary to be able to identify individuals from the information, the exported information should be anonymised by the removal of information from those fields that are capable of identifying individuals.
- The PND has been assessed as a CONFIDENTIAL system handling information marked up to and including CONFIDENTIAL according to the Government Protective Marking Scheme
- The President of ACPO will appoint a body to authorise connections to the PND. Before a connection to the PND can be authorised, evidence of accreditation must be provided to the National Accreditor. Accreditation requires that a Risk Management and Accreditation Document Set (RMADS) must be prepared to HMG Information Assurance Standard 2 (IAS2), including a detailed technical risk assessment using HMG Information Assurance Standard 1.
- Guidance issued under this code will specify the training required by staff using the PND, whether as users, system administrators, auditors or in any other role. It may also identify training required by those who do not directly access the system but who may request that others use the system on their behalf, and those who may be provided with information obtained from the PND. Access to or use of the PND is restricted to those persons who have successfully completed specified training.
- Role-Based Access Control (RBAC) is mandatory on the PND to ensure that users only have access to capabilities and information that they need for their business role. Users have the ability to conduct enquiries on behalf of other people; such enquiries must only be conducted for a proper purpose by an authorised PND user using their own access details.
- The PND will allow users to conduct complex searches which may suggest relationships between records. The determination and handling of such relationships must be lawful and in accordance with the guidance issued under the code.
- Chief officers should ensure that effective system administration is in place to manage user accounts, system updates and other similar functions.
- There is a need to record and retain audit log data to, amongst other things, prove
the integrity of the transactional data should the need arise to do so; and to carry out
a programme of monitoring to guard against the improper use of the PND.
Audit logs will record sufficient information about each transaction to enable
identification of individuals (both PND users and the subjects of PND records), making the audit logs subject to the Data Protection Act and other regulatory and legislative controls.
- Chief officers will normally be responsible for auditing the activity of their own
personnel; however, no user should audit their own activity. The PND will provide for
auditing by other forces or at a national level where this is necessary. Procedures
should be put in place to ensure that adequate auditing is carried out and that
appropriate action is taken where misuse is discovered.
- Information obtained from the PND may be shared, provided the sharing is lawful and conducted in accordance with the code of practice on the Management of Police
PND Code of Practice - NPIA website
What is Police National Database? - NPIA website
The Database State - a report by Joseph Rowntree Reform Trust