The accidental deletion of 150,000 records from national policing systems was caused by “a single error in the code”, but was exacerbated by process and management failures, according to a Home Office review.
UK police lost more than 150,000 fingerprint, DNA and arrest history records after accidentally wiping them from national policing systems on 9 January 2021.
According to a review published by the Home Office, which was chaired by former Metropolitan Police chief Bernard Hogan-Howe, this included the erroneous deletion of 112,697 person records from the Police National Computer (PNC), which holds information on arrests, convictions, vehicles and property.
The error also affected two other policing systems connected to the PNC, causing the deletion of 26,329 DNA records from the National DNA Database (NDNAD), and 195 sets of fingerprints from biometric information database IDENT1.
“A number of queries were raised regarding the deletions over the subsequent 48-hour period, however it was only on Monday 11 January that the PNC team fully realised what had occurred,” said the review.
“In fact, had it not been for intervention from the IDENT1 and NDNAD teams, it is not clear when PNC services would have been aware of the erroneous deletions.”
It added the accidental deletion of records – which are all capable of being recovered – was caused by human error through the introduction of a single mistake in the code created by the PNC team, which was working to improve the method for deleting records that should not be retained by law.
“However, the underlying causes lay not with the individual, but the processes and culture that allowed this error to affect this vital database in such a profound way,” said the review.
The underlying causes listed include the fact that established procedures, such as reviews, were either loosely followed or not followed at all; inadequate testing of the code; an overall failure to design effective and complete tests; and a failure from the first alert to act quickly, which resulted in an initially uncoordinated and ineffective effort to fix the issue.
The review added that the context in which the PNC operates must also be considered, as it is a 47-year-old system that is due to be replaced by the National Law Enforcement Data Service (NLEDS) – a merger of the PNC and Police National Database (PND) into one unified data lake.
“The problems of an old IT system go way beyond the hardware and software associated with it. The team who operate it have worked together over a long period of time,” said the review.
“The expertise and closeness of the teams involved in running the PNC increased the risk that their work would be accepted rather than checked by a leadership that were in a poor position to challenge their decision-making. The PNC services team has very limited police experience in the team and have limited understanding of how the police operate.”
The review concluded that major improvements would be needed to address the underlying issues that led to the deletion of tens of thousands of records, including the creation of a strategic plan for the future of the PNC and its replacement, NLEDS, which is £45m over budget and nearly two years overdue.
“The creation of a culture in the PNC operation that promotes checking, testing and independent assessment of daily operations and change, to address the complacency that the review identified in the PNC operation” is also needed, as well as the “embedding and involvement of the Police Service and other PNC users into the decision-making around the PNC and its development”.
In its summary section, the review also makes 21 further recommendations on how improvements can be made, and gives the Home Office eight weeks to develop an implementation plan for them.
The Home Office must also develop a separate plan within the same time frame to either replace the PNC or to invest in making it more resilient, which must include options for taking the system out of Home Office control.
It added that once the data restoration work is complete, more work must also be done to fully understand the harm to the public.
Policing minister Kit Malthouse told MPs on Monday that the Home Office would be following up on these recommendations.
‘No harm caused’ by error
In a statement immediately responding to the loss of records, the Home Office said at the time that no records of criminals or dangerous persons had been deleted, and that the records wiped were those of people arrested and released when no further action was taken.
In line with this previous statement, the review added: “It appears that no one has been harmed as a result of the deletions of records and biometric data. It also appears that no one has escaped justice because of the loss of data.”
The PNC currently holds information on about 12.6 million individuals, and retains this information until either their 100th birthday or 100 years from the date it was first reported to police, depending on the intelligence category the information falls into.
While the review said the data loss was caused by a coding error introduced by the PNC team, which was working to delete records that could no longer be legally retained, others have questioned why UK police and the Home Office are retaining information on thousands of individuals where no police action was taken.
“If the Home Office is correct and no records of criminal or dangerous persons have been deleted, but only records of those arrested and then released without further action, then there are far more important questions that need answering,” said Kevin Blowe, a coordinator at the Network for Police Monitoring (Netpol) at the time.
“Why are police keeping huge amounts of personal data that it doesn’t need, apparently on the off-chance that it might become useful as intelligence in the future? How is this not on a par with the police keeping millions of facial images of innocent people on a searchable database, long after the courts ruled that this was unlawful?”