Police forces need a strategic plan for the future and eventual replacement of the Police National Computer (PNC), according to a new report from the Home Office.
It is one of recommendations from a review of a major data loss in January, when almost 140,000 records were mistakenly deleted.
Other highlighted recommendations are for a big improvement in the checking, testing and independent assessment of daily operations with the PNC, a greater involvement of police services and other users in its development, and a review of Home Office and police responses to any critical incidents with the system.
The review of the incident says it occurred as part of an exercise on 9 January to delete records in cases for which no further action was required. A single error led to the removal of 112,697 person records, 26,320 DNA records and 195 sets of fingerprint records that should have remained on the PNC.
These have now been fully restored and the review says it appears that no-one has been harmed as a result of the deletions, but the incident has highlighted problems that need to be addressed.
While the immediate cause of the loss was one error in the code created by the PNC team, which has been attributed to human error, there are underlying causes in the processes and culture.
These include a loose attitude towards following procedures for managing data, a failure to design effective and complete tests, inadequate testing of the new code, a failure to act quickly after the first alert, and the age of the 47 year-old system. It is described as inflexible when changes are needed and relies on a diminishing skills base inside the Home Office.
“The problems of an old IT system go way beyond the hardware and software associated with it,” the report says. “The team who operate it have worked together over a long period of time. The expertise and closeness of the teams involved in running the PNC increased the risk that their work would be accepted rather than checked by a leadership that were in a poor position to challenge their decision making.
"The PNC services team has very limited police experience in the team and have limited understanding of how the police operate.”
It points to the planned replacement of the PNC by the National Data Law Enforcement Programme, but also that this has been subject to a reset. The programme is under examination by the National Audit Office with its findings scheduled for publication in the autumn.
The review adds that “major improvements need to be made” in addressing the underlying factors.
Details of these include ensuring the quality and compliance procedures for quality and compliance are fit for purpose, developing a joined up incident management approach, quickly issuing accurate information to operational users in the event of an incident, and ensuring that people are properly trained to use the PNC.
Image from iStock, Bridget McGill