Four English police forces have appealed to the Information Tribunal after being ordered by the Information Commissioner's Office (ICO) to delete criminal convictions from the Police National Computer (PNC), which is the criminal database for England and Wales.
The ICO received complaints from four individuals whose data had been stored in the PNC. All four cases related to either a caution or a conviction in respect of a non-custodial offence, some dating back almost 30 years. The complainants' history had been disclosed to prospective employers when they had applied for jobs.
One of the offences disclosed dated back to 1984 and related to the theft of packet of meat costing 99p, for which the individual, who was then under eighteen years old, was fined £15.
The ICO issued enforcement notices requiring the four forces – Humberside, Northumbria, Staffordshire and West Midlands – to remove the data from their records after deciding that the retention of this information amounted to a breach of the Data Protection Act 1988 (DPA).
The DPA primarily governs the use of personal data in the UK, and imposes obligations on those who process personal data. The DPA sets out a number of data protection principles of good practice, one of which requires that personal data must be adequate, relevant and not excessive in relation to the purpose for which it is processed. The ICO took the view that this principle had been breached by the four forces. The police will be able to retain the information pending the final outcome of the appeal.
The Association of Chief Police Officers in Scotland (ACPOS) and the Association of Chief Police Officers in England & Wales (ACPO) have drawn up rules for "weeding out" data relating to convictions which are no longer relevant for policing purposes. Such rules have attempted to establish key principles and consistency for data retention to ensure that each force is DPA compliant. As individual police forces are effectively the owners of criminal records, it is their responsibility to ensure that data is held in accordance with the DPA. There is a weeding policy for the Criminal History System (CHS) which is the Scottish criminal database, as well as the PNC.
It is interesting to note that ACPO has developed new guidelines for retention of data on the PNC incorporating a "step down model" which restricts access to certain data rather than data being deleted after a certain time. The step down model operates within strict time limits so that only the police will be able to access criminal records after a period of time, and will not be open for inspection by any other bodies (save for exceptional circumstances detailed within the guidelines). It is unclear how this will comply with the "adequate, relevant and not excessive" principle under the DPA.
It is perhaps understandable that police forces are reluctant to remove criminal records from their systems, particularly in light of the criticism that Humberside police force received when it was revealed that records relating to Ian Huntley who was convicted of the Soham murders, had been removed. However the duty to police and investigate should be balanced with the statutory protections laid down in the DPA.