The Information Tribunal, which adjudicates on appeals against
orders from the Information Commissioner's Office (ICO), said that
guidance issued to forces is unsuitable. The Tribunal said that the
producer of the guidance, the Association of Chief Police Officers
(ACPO), ignored its previous orders on the issue.
The censure comes in a ruling by the Tribunal in which three
police forces have been ordered to block access to a set of old
convictions data for minor offences because their retention breaks
the Data Protection Act.
ACPO has produced a number of sets of guidelines for police
forces on how it should treat convictions data on the Police
National Computer (PNC). Previous versions of the guidelines were
produced in association with the ICO, but a 2006 version was
not.
"The Tribunal would observe that the 2006 Guidelines do not
appear to be a suitable approach to the retention of conviction
data in order to comply with the DPA [Data Protection Act]," said
the ruling. "ACPO seems to have ignored the guidance provided in [a
previous Tribunal ruling]."
That previous ruling, from 2005, called the code a "blunt
instrument'.
"Any code regarding weeding or deletion should be much more
sophisticated in its designation of the applicable criteria and
that such matters as types of offence, age of offender, modus
operandi, length of retention period, nature and extent of any soft
information as well as other appropriate items, some of which were
canvassed in the hearing, should be specifically incorporated in
any revised code," said the 2005 ruling.
In the current case, the Tribunal has backed the Information
Commissioner's ruling against five forces. They had kept conviction
records dating back nearly 30 years for people who had committed
minor offences and not re-offended.
One of the people was refused an opportunity to pursue her
chosen career as a carer because of the retention of information
about a reprimand, while another involved the person attempting to
cheat a slot machine at the age of 15.
The Data Protection Act governs the keeping of information about
people and says that information must be relevant and the length of
time for which it is kept proportionate. The Tribunal has backed
the ruling from the Information Commissioner's Office (ICO) that
the police's retention of conviction data was not relevant and is
excessive for policing purposes.
In each of the five cases the offences were a long time ago and
the people had not re-offended. Some had suffered subsequently
because the offences showed up in employers' background checks and
one woman who was just 13 when she committed her offence was told
at the time that the record of it would be deleted when she turned
18.
The ICO said that it hoped the ruling would create a
precedent.
"We believe that this a landmark ruling which will have wider
implications for police forces around the country and will ensure
that irrelevant details of old criminal convictions are deleted,"
said assistant commissioner Mick Gorrill. "Those concerned were
caused harm and distress by the retention of this data."
The police forces which have been ordered to delete the
information from the National Police Computer system are
Humberside, Northumbria, Staffordshire, Greater Manchester and West
Midlands.
Ian Readhead, ACPO's spokesman on data protection issues, said
that he too believed the ruling could have an impact on all forces'
future behaviour.
"[The ruling] could have far-reaching implications for the
police service as a whole," he said. "The Bichard Inquiry which
followed the tragedy of the Soham murders recommended that forces
should reconsider the way in which records are managed. It is now
important that clear national guidelines are put in place so that
forces take a consistent approach to the retention of criminal
records. Our aim is to ensure that the police service can be in the
best possible position to protect the public."
The Tribunal's ruling came after the police forces had appealed
the ICO's original decision. A further appeal can be made. "We will
now take some time to discuss these implications with the service
and decide on the most appropriate course of action," said
Redhead.
The Tribunal made a ruling in a similar set of cases in 2005
when dealing with incidents dating back almost 40 years. In three
instances combined in one ruling it said that the police should
keep the records on the national computer system as long as only
police staff could access them.
That meant ensuring that the records did not appear on the
register that was routinely searched by potential employers. The
Tribunal emphasised in that ruling, though, that it was not meant
to be a precedent and that every case had to be judged on its own
facts.
In the current case ACPO argued that some records should be
kept, but with access given only to the police. The ICO accepted
that such an arrangement was sometimes suitable but not in this
case.
The Home Office submitted written evidence claiming that the
keeping of material on the database but only accessible to police
was wrong in law in certain circumstances because other parties
should be able to access the information.
The Information Tribunal said that police arguments that they
had to keep data on the Police National Computer because it was
needed by other bodies for the checking of criminal records were
not right. It said that they were obliged to make available any
data they had, but not obliged to keep any data for those
purposes.
"If the government requires a different regime to operate then
it will need to legislate accordingly with all the necessary
safeguards that would be considered appropriate," it said.
