Delays to replacing legacy police IT puts access to information at risk, says NAO

A Home Office programme to replace two national police IT systems with a national data service has suffered severe delays, and the National Audit Office (NAO) is concerned that the department will not be able to deliver the programme before the existing infrastructure becomes obsolete.

The aim is for the new National Law Enforcement Data Service (NLEDS) to replace two ageing systems, the Police National Computer (PNC) and the Police National Database (PND) and create a single system accessible to police forces around the country.

The two systems are critical to police infrastructure: the PNC holds a range of personal data on individuals – from information on arrests and convictions to vehicles and property – while the PND, introduced much later in 2009, contains police intelligence data such as CCTV footage, as well as other information on individuals, organisations and weapons. However, both are reaching end of life, particularly the PNC, which has been in place since 1974.

An NAO report said that the programme, which originally began in 2016 and was due to be completed in 2020, has struggled with delays and funding problems.

In 2019, the Home Office reset the NLEDS programme and carried out reviews of its technical scope, the report said.

“By autumn 2020, the police had lost confidence in the programme and, in response, the department began a second ‘reset’, which is still being implemented,” it said. “Senior policing stakeholders lost confidence in the department’s ability to deliver a range of law enforcement technology programmes, including NLEDS, formally raising their concerns with the department’s permanent secretary.

“In 2021, the department provided the programme with interim funding to start implementing the reset, but this funding only lasts until March 2022.”

The programme’s focus has also changed several times, and the NAO said it has not been clear whether the programme aims to replace the functions of the legacy systems or introduce enhanced capabilities.

The programme has had to extend the contracts for both the PNC and the PND and now does not expect to deliver an equivalent to PNC until 2025-26. However, the PNC is on its last legs and will be unsupported by December 2024 “in its current configuration”, said the NAO report.

“The department cannot yet guarantee to the police that a replacement system will be in place in December 2024, when the PNC’s current technology will no longer be supported. As of April 2021, the department had only ‘moderate confidence’ in its new plans and did not have a programme plan assuring delivery by 2025‑26,” it added.

The Home Ofice has decided to accept the risk of running the system without support after 2024.

The NAO is concerned that the delays to the programme puts police access to critical information at risk. “Continuing to run the PNC also creates regulatory risk, because current police policy is to retain some data in the PNC until the person it relates to is 100 years old,” the report added. “The Information Commissioner’s Office views the blanket application of a 100-year retention policy as risking being disproportionate in some instances.”

The NAO has called for the Home Office to clarify the role of both the department and the police in delivering the programme, as well as agree a revised business case.

NAO head Gareth Davies said: “After a succession of delays, resets and changes in scope, the cost of the NLEDS programme has increased significantly, and it is still not clear whether the Home Office will be able to deliver the programme before the existing infrastructure becomes obsolete. 

“Fragile technology is limiting the ability of the police and other organisations to carry out their job effectively and ultimately putting the security and safety of the public at risk. The Home Office must urgently work with the police to guarantee a clear timeline for the programme, avoiding any further delays.”

The delays are leading to increasing costs, with £21m a year for the PNC and £13m for the PND, and the total cost of the programme has increased by 68% to £1.1bn. However, the Home Office told the NAO that it has a “high degree of confidence that a large proportion of the work produced before the programme reset could be reused”.

The NAO report said: “The department expects that the new system will cost £17m a year to run, less than the £21m annual running cost of the PNC.”

Public Accounts Committee chair Meg Hillier said the NLEDS programme feels like “groundhog day for the Home Office – another project left to flounder for far too long, with potentially serious consequences for our nation’s security”.

She added: “The taxpayer is once again paying the price for government’s failures, with a staggering 68% increase in costs to £1.1bn.

“For the Home Office to put the safety and security of the public at risk in this way is unacceptable. It must act immediately to bring this project back on track.”

As reported by Computer Weekly in November 2020, several privacy campaign groups have also raised concerns about the NLEDS programme, suggesting that it could lead to “over-policing”. 

Privacy International, for example, is concerned that granting such broad access to information “will negatively affect the trust between citizens, the police and other agencies”.

Big Brother Watch has also raised concerns about the fact that there has been no consideration of the new system in Parliament, saying: “While modernised policing systems are welcome, there needs to be significant and meaningful consideration of the privacy issues involved in such a large database of personal information, the access to such a database via an application available to all police officers, and the use of machine learning algorithms in the criminal justice system.”