Errors rife in police data file

Mike Simons Police auditors have found an 86% error rate on the Police National Computer (PNC).

Mike Simons Police auditors have found an 86% error rate on the Police National Computer (PNC).

The findings could place the police service in breach of the 1998 Data Protection Act, which requires organisations to keep records accurate and up-to-date.

In addition, those affected could seek financial compensation for police use of inaccurate records.

The audit, seen by Computer Weekly, was carried out by the Metropolitan Police's Security Inspection Unit. It validated 600 records held on the PNC against source documentation held at police stations.

"The overall error rate for this audit was 86%, which is wholly unacceptable," the report said. "This represents a 34% increase on the error rate of 64% for the same divisions audited in 1997.

"Eighty five per cent of the overall error rate is composed of major errors, for example, those that could potentially lead to serious consequences, with the possibility of financial compensation awards to those affected."

The research is bad news for the Government, which plans to introduce a Criminal Records Bureau (CRB) next year. The Home Office estimates the CRB could eventually carry out 12 million record checks a year.

The Government has already admitted its concern about the state of data on the PNC. Home Office minister Charles Clarke admitted, "We recognise that there are shortcomings in the accuracy of records, which need to be addressed, especially given that the CRB will come into operation from July 2001."

Clarke added, "The police service is working to improve the accuracy of criminal records and the Association of Chief Police Officers has produced proposals for enhancing police data handling."

Jonathan Bamford, assistant data protection commissioner, told Computer Weekly that the police were not excluded from the Data Protection Act.

"If a Metropolitan Police internal audit found errors, then I am concerned," he said. "We would not take a different stance to breaches by the police than we would to a commercial organisation. In some cases, we would be more concerned because the consequences of mistakes could be more severe."

Bamford also warned, "The CRB will have access to a sub-set of data on the PNC and we are concerned that it is of high quality. It will be in the police's best interests to make sure its house is in order."

Explaining the findings, a Met spokesman said, "We are confident the level of error indicated through this audit bares no relevance whatsoever to the accuracy of the PNC records in their entirety." He said the method used in the audit was extremely stringent, with a 30-minute time limit on record sourcing.

However, the auditors made plain that the method they used was specified in the Association of Chief Police Officers' Data Protection Audit Manual and was the same at that used in the 1997 audit.

Read more on IT risk management