Watching Them, Watching Us Home Page
email: [email protected]
c.f. http://www.spy.org.uk/spyblog/archives/000201.html
for links to the evidence (.pdf) e.g. Criminal Records Bureau initial audit of the accuracy of data from the PNC and details about PNC and ViSOR systems by the police Information Technology Organisation (PITO)
Punch issue 126
March 14 - 27, 2001
pg 10 -11
"Police computer puts justice at risk"
David Northmore
Tens of thousands of criminal convictions handed down by courts accross the UK could be declared unsafe because an investigation by Punch has discovered that the country's main police intelligence computer, the Police National Computer, is not registered under the Data Protection Act.
An internal police audit has also found tha the computer's records are appallingly inaccurate: 85 per cent of records transferred by the Metropolitan Police contain significant errors.
The Law Society, Criminal Bar Association and human rights group Liberty are now planning to launch a series of challenges in the Court of Appeal over criminal cases which have relied on intelligence supplied by the Police National Computer (PNC).
The PNC holds some 50 million criminal intelligence files on more than six million UK citizens, together with details of the nation's 28 million registered drivers. The data also includes fingerprints, photofit pictures, DNA samples and details of missing and wanted persons. Around 200 staff at the Police Information Technology Organisation (PITO), work around the clock at a top security warehouse in Hendon, north London, to process the 250,000 or so enquiries recieved each day from police forces around the country and other law -enforcement agencies including MI5 and HM Customs and Excise.
PITO spokesman David Edwards admitted that the PNC is not registered under the Data Protection Act when confronted with evidence obtained by Punch. But he claims there was no need for the massive database to be registered. "Our view is that the data held on the PNC is actually covered by individual police forces' registrations on the Data Protection Register," he says. However, it is this claim that is causing controversy among lawyers.
Punch's investigation has also established that the vast majority of criminal records held on the PNC contain major inaccuracies. In one area of south London, Vauxhall, every criminal record checked in an internal audit was found to be inaccurate. Wandsworth recorded the highest level of accuracy at a mere 28 per cent. On average, some 85 per cent of criminal records held by the Metropolitan Police and transferred to the PNC contained significant errors.
Details of the audit, seen by Punch, are contained in an internal Metropolitan Police report prepared by New Scotland Yard's Service Security Policy Branch, which describes the situation as "wholly unnacceptable". The report admits the errors "could lead to serious consequences with the possibility of financial compensation awards to those affected".
The revelation that the massive PNC is illegally processing data because of its non-registration under the Data Protection Act will come as a major embarrassment to Home Secretary Jack Straw. The PNC was created by the Home Office in 1973, but transferred to PITO - a "statutory executive non-departmental public body" - under the Police Act of 1997, which also saw the creation of the National Crime Squad and the National Criminal Intelligence Service.
PITO is also responsible for overseeing the development of several other massive crime-prevention databases, including the automatic number plate recognition system and the national fingerprint identification system, all of which are operating illegally through not being registered under the Data Protection Act.
But the privacy watchdog. the Data Protection Commissioner (formerly the Data Protection Registrar), has repeatedly warned senior police officers over the use of personal data on the PNC. In 1993, former registrar Eric Howe ordered chief constables to delete warning flags on the PNC for people known or suspected to be infected with the AIDS virus HIV. And in 1998, Data Protection Commisioner Elizabeth France warned that the compilation of a national DNA database, formally announced by the Home Secretary earlier this year, could cause major problems. In her annual report sh wrote: "Issues relating to the way in which databases should be registered, the procedure for retention and deletion of records and the permissible uses of the data have been discussed. We shall monitor the use of this database carefully."
The Association of Chief Police Officers (ACPO), expressed surprise at the PNC's non-compliance with data protection law. "ACPO would be concerned about any case of data not complying with the appropriate legislation," said spokesman Ian Readhead, who is also the deputy chief constable of Hampshire. "We must ensure the credibility of the services we offer the public, although I am satisfied all chief constables are properly registered under the Data Protection Act."
Criminal defence lawyser are now warning that a flood of legal challenges could be launched in the Court of Appeal claiming that criminal convictions based on information provided through the PNC are unsafe as they relied on data that had been held and processed illegally.
Malcolm Fowler, a solicitor-advocate and chair of the Law Society's Criminal
Law Committee says: "I am astonished that the Police National Computer
is not registered under the Data Protection Act. there is arguably the prospect
of a test case going to the Court of Appeal, as Article Six of the Human
Rights Act requires the ' right to a fair trial'. I am sure the Law Society
would consider backing an appropriate case.
"This flaw is an issue of considerable public importance, and the government
should rush to put it right. This may require the introduction of a Bill
to be fast-tracked through parliament to limit the damage done."
Barrister Brian O'Neill, secretary of the Criminal Bar Association, is also surprised at the illegal status of the PNC. "It is a lamentable state of affirs that the Police National Computer is not properly registered. It also calls into question the whole point of the Data Protection Act."
Liberty spokeswoman Deborah Clark says: "The five million or so people whose records are on this database could also have a case against the police under Article 8 of the Human Rights Act which guarantees a right of privacy. We are considering a High Court judicial review over the operation of the PNC, and there may be numerous claims for damages with a Data Protection Tribunal.
"It is tempting to dismiss this as a comedy of errors, but we must not. It highlights just how much information is held on individuals in this country, and how vital it is to have powerful and properly enforced safeguards to ensure this information is not misused and the public's right to privacy is not undermined by the creeping advance of a know-all surveillance state."
The UK's leading expert on data protection law, Peter Carey of City solicitors Charles Russell, who is also editor of Blackstone's legal textbook on data protection, says individual officers of PITO could face prosecution for failing to register the Police National Computer under the Data Protection Act.
"There is nothing whatsover in the Data Protection Act 1998 allowing such a database to evade registration. It is quite clear that those who operate the Police National Computer are required to be so registered, but are not. If they are not then they open themselves to legal action in the criminal courts for a statutory offence."
A spokesperson for the Home Office, which is the "sponsoring department" for PITO, this week down-played the significance of the Police National Computer not complying with data-protection law.
"We are in touch with the Data Protection Commissioner about this, and will be meeting her in due course to discuss future adjustments that may be necessary to ensure the PNC is properly registered under the Data Protection Act."
Watching Them, Watching Us Home Page
email: [email protected]