In an embarrassing incident for the Home Office, it was recently revealed that a large volume of records were deleted from the Police National Computer (“PNC”) in error. A letter sent to senior officers of the National Police Chief’s Council (“NPCC”) outlined the Deputy Chief Constable’s understanding of the scale of how many records had been deleted. It was his understanding that approximately 213,000 offence records were deleted as well as 175,000 arrest records and 15,000 person records which contain the name and date of birth amongst other personal information about an individual.
What is the PNC system?
The Police National Computer is an information-sharing system, which allows the sharing of intelligence and information amongst a number of law enforcement agencies. The PNC also provides support to other organisations such as regulatory bodies, government agencies and foreign embassies in the UK.
The PNC holds information including the name of a person, their date of birth as well as the gender and ethnicity. It maintains records relating to arrest, summons and details of cautions and convictions.
The PNC is not the only database where personal information relating to arrests can be found. Local police forces who investigate alleged crimes retain investigation records on their own database. This is distinct from the PNC and not regulated by The Association of Chief Police Officers Criminal Records Office (“ACRO”) in the same way as the PNC. These databases hold copies of custody records relating to individuals who were arrested as well as crime reports and case files.
An individual is entitled to view what is held about them on both the PNC and any local police force database. This can be obtained by way of a subject access request.
How long is this information held for?
Information retained on the PNC, such as an arrest, will be held until a person’s 100th birthday. This will be the case, even for those who were released with no further action following an arrest.
The retention of biometric data, such as fingerprints and DNA is governed by the Protection of Freedoms Act 2012, which amended the Police and Criminal Evidence Act 1984 (“PACE”). In the event that a person is arrested but not charged with a qualifying offence , fingerprints and DNA are automatically deleted as soon as the case is resulted on the PNC but the police have the power to apply to the Biometrics Commissioner to retain the information for up to 3 years and this can be further extended by a District Judge to 5 years. In the event that a person is charged but not convicted of a qualifying offence, their biometric data is automatically retained for 3 years with the same ability to be further extended to 5 years by a District Judge. A qualifying offence is one of a more serious nature, including rape, assault occasioning actual bodily harm and firearms offences.
Where can this information be disclosed?
Records of arrests that resulted in no further action can appear when a person obtains an enhanced Disclosure and Barring Service (“DBS”) Certificate. Police intelligence can be included in an enhanced certificate if the police deem it relevant to the role that is being applied for. Due to recent changes, DBS certificates are now sent to the individual concerned rather than directly to the employer. This allows the applicant to consider the contents and apply for its removal if necessary.
How can records be removed?
For records which are held on the PNC, an application to ACRO can be made for their deletion under one of ten grounds. These range from no crime committed, proven alibi or public interest grounds. If an application for the deletion of records is successful to ACRO, this does not result in the automatic deletion of corresponding records held on the local police force databases.
Subsequently, an application can be made to the local police force under s.47 of the Data Protection Act 2018 for records held on the local database to be removed. The Data Protection Act 2018 states that when the police service continues to hold information it must follow six data protection principles of good practice. These principles include that the personal data must be processed fairly and lawfully and that such data must not be kept longer than is necessary.
It is important for an individual to have an understanding of the records held about them on the police multiple databases, especially in cases where individuals have been arrested with no subsequent prosecution. Many people are relieved when a police investigation is concluded against them and hope to move on as quickly as possible, but a record of arrest could hinder career or travel opportunities in the future if not challenged at the outset.