Do new rules on use of Police National Database go far enough?

The National Policing Improvement Agency today publishes a code which governs the use of a new intelligence system that, in effect, implements some of the main recommendations of the Bichard inquiry into the murders of schoolgirls Holly Wells and Jessica Chapman.

The new Police National Database is due to be launched later this year. It should, for the first time, allow forces across England, Wales, Scotland and Northern Ireland to share, access and search existing local intelligence and operational information on a national basis.

A lack of data sharing was blamed, in part, for failing to prevent the employment as a school caretaker of Ian Huntley, who was convicted of the so-called Soham murders.

Huntley had been accused of sexual offences before he took the job at the Soham school but two police forces failed to spot the allegations when he was vetted for the position.

The report by Sir Michael Bichard said:

“An IT system capable of allowing police intelligence to be shared nationally is a priority.
“This recognition has not, however, always been matched by effective action. Nationally, the picture is disappointing. Although the need for a national intelligence IT capability has been recognised for at least a decade, I find that very little progress has been made.”

Now a statutory Code of Practice has been laid before Parliament. It’s designed to ensure the consistent and lawful use of the Police National Database [PND] across the Police Service and is one of a series of measures to guard against misuse of the new system, sitting alongside role-based access controls and individual user security checks.

The PND is aimed at the protection of the public in three main areas:

–    children and vulnerable people
–    reducing the risk of terrorist activity
–    disrupting and preventing major, serious and organised crime.

A report commissioned by the Joseph Rowntree Reform Trust said that the Police National Database will hold information on suspects, victims, witnesses, objects, locations and events. Forces will be able to share text, images, files, maps, video and audio.

 Will rumour and suspicions on the PND taint the innocent?

The new system is for intelligence – not specifically for the purposes of gathering evidence for a court case.

One of the challenges for police will be including on the system suspicions and rumour which could detect a potential Huntley, but which would not unwittingly incriminate the innocent, or inaccurately impugn their reputations.

There is little in the code of practice on this subject.

Users of social services systems have a similar challenge when deciding what information to put on databases. To what extent do they include unproven allegations, perhaps from a disgruntled neighbour?

The PND code does make it clear that officers will be able to request that others use the system on their behalf, though only in a lawful way.

Home Office Minister for Identity, Meg Hillier MP, said: “When the PND is delivered later this year it will provide forces with a powerful new tool to fight crime and protect the most vulnerable in society.

“But it is vital that forces use this new information-sharing capability in a consistent and lawful way and for policing purposes only. The Code of Practice will enshrine these principles across the Police Service.”

The PND forms part of the NPIA’s IMPACT IT-enabled change programme, which was established in 2005.

The IMPACT Nominal Index has been an interim information-sharing system which allows forces to see if information on a suspect is held by another force. An enquiry must then be made to the force in question to find out what that information is. The PND will allow this information to be shared instantly.

Forces will start to load data onto the PND in May this year and will start to use it in the autumn.


What the Code of Practice says:

These are some of the points in the new Code of Practice:

– Each chief officer, usually the Chief Constable, is a data controller, in common with all other chief officers, for the personal information held on the system. As such, all chief officers share the responsibilities of data controllers set out in the Data Protection Act 1998.

– The PND is to be used solely for policing purposes:
a) protecting life and property;
b) preserving order;
c) preventing the commission of offences;
d) bringing offenders to justice; and
e) any duty or responsibility of the police arising from common or statute law.

– Chief officers should prioritise the use of the PND accordingly but are free to use the
PND for all policing purposes.

– Whilst the code of practice and accompanying guidance provide advice, it is the responsibility of chief officers to decide what information to place on the system, what information to withhold from the system, and what restrictions to apply on access to and use of the information, and to accept the risks of any such decisions. Similarly, chief officers are responsible for how information on the PND is used by their force.

– The PND is an intelligence data-handling system rather than an evidential system; it is a repository for copies of records which are held locally by forces: should PND information be required for evidential purposes it will be necessary to obtain the original information from the data provider.

–  Chief officers should be as open and transparent as possible about the information
held on the PND and how it is used. It should be made clear that information gathered
by forces may be placed on a national system and shared with other forces and other
law enforcement bodies.

–   A policy for the use of the PND must be applied within each police force.

– Where information is exported from the PND to conduct analysis and it is not necessary to be able to identify individuals from the information, the exported information should be anonymised by the removal of information from those fields that are capable of identifying individuals.

– The PND has been assessed as a CONFIDENTIAL system handling information marked up to and including CONFIDENTIAL according to the Government Protective Marking Scheme.

– The President of ACPO will appoint a body to authorise connections to the PND. Before a connection to the PND can be authorised, evidence of accreditation must be provided to the National Accreditor. Accreditation requires that a Risk Management and Accreditation Document Set (RMADS) must be prepared to HMG Information Assurance Standard 2 (IAS2), including a detailed technical risk assessment using HMG Information Assurance Standard 1.

– Guidance issued under this code will specify the training required by staff using the PND, whether as users, system administrators, auditors or in any other role. It may also identify training required by those who do not directly access the system but who may request that others use the system on their behalf, and those who may be provided with information obtained from the PND. Access to or use of the PND is restricted to those persons who have successfully completed specified training.

– Role-Based Access Control (RBAC) is mandatory on the PND to ensure that users only have access to capabilities and information that they need for their business role. Users have the ability to conduct enquiries on behalf of other people; such enquiries must only be conducted for a proper purpose by an authorised PND user using their own access details.

– The PND will allow users to conduct complex searches which may suggest relationships between records. The determination and handling of such relationships must be lawful and in accordance with the guidance issued under the code.

– Chief officers should ensure that effective system administration is in place to manage user accounts, system updates and other similar functions.

– There is a need to record and retain audit log data to, amongst other things, prove the integrity of the transactional data should the need arise to do so; and to carry out a programme of monitoring to guard against the improper use of the PND. Audit logs will record sufficient information about each transaction to enable identification of individuals (both PND users and the subjects of PND records), making the audit logs subject to the Data Protection Act and other regulatory and legislative controls.

– Chief officers will normally be responsible for auditing the activity of their own
personnel; however, no user should audit their own activity. The PND will provide for
auditing by other forces or at a national level where this is necessary. Procedures
should be put in place to ensure that adequate auditing is carried out and that
appropriate action is taken where misuse is discovered.

– Information obtained from the PND may be shared, provided the sharing is lawful and conducted in accordance with the code of practice on the Management of Police


PND Code of Practice – NPIA website

What is Police National Database?  – NPIA website

The Database State – a report by Joseph Rowntree Reform Trust