(2) whether loss of data obtained from the national DNA database has been reported by any organisation which has access to (a) the database and (b) data from the database.
Direct access to information on the National DNA Database (NDNAD) is restricted to a limited number of designated personnel under the control of the National Policing Improvement Agency (NPIA), either directly, or under a contract awarded to the Forensic Science Service (FSS) for operation and maintenance of the NDNAD and development of its IT systems. Throughout the lifetime of the contract, the FSS are required to demonstrate compliance with specified security requirements. Police and law enforcement personnel do not have access to the information on the NDNAD, but receive reports from the NDNAD Delivery Unit of matches between DNA taken from crime scenes and that taken from individuals.
In relation to those NPIA and FSS staff, there has been one instance of unauthorised use of the database during the last five years. This involved a contractor working for the FSS who was found to have used an administrator account on the IT system rather than his own. Following an investigation by the NPIA, no evidence of any improper access to database records was found. However, as use of the administrator account was in contravention of security procedures, the individual was removed from further work on the database. No incidents of unauthorised or improper use of match reports by police and law enforcement personnel have been reported to the NDNAD in the last five years.
Since the NDNAD was set up in 1995, two instances of loss of data have been reported. These took place in February 2009 when the FSS faxed DNA reports intended for two police forces to incorrect fax numbers. In both instances, the faxes were either retrieved by the police or destroyed within 36 hours of the event. A thorough investigation was undertaken by the NPIA and reported to the Home Office. No evidence was found of any malicious intent by any individual.
As a result of the investigation into this incident, an existing project to replace use of fax was accelerated. As from 17 April 2009, fax has no longer been used to transmit any DNA reports to forces. They are now sent in line with Cabinet Office guidance over a secure network either by email or as a web service on a secure network.
[holding answer 2 July 2009]: Requests for the release of data or samples relating to the DNA profiles held on the National DNA Database (NDNAD) must be approved by the NDNAD Strategy Board. Requests are also considered by the NDNAD Ethics Group, which makes recommendations to the Board on whether the request should be approved. The Police and Criminal Evidence Act 1984 (PACE) lays down that DNA samples and the profiles derived from them can only be used for the purposes of prevention and detection of crime, the investigation of an offence, the conduct of a prosecution or, since April 2005, for the purposes of identifying a deceased person. In accordance with these requirements, the Board does not approve any research unless it has clear operational benefit to the police.
Details of requests from commercial organisations for data or samples relating to profiles held on the NDNAD which have been approved by the NDNAD Strategy Board in each of the last three years and in 2009 to date can be found in the following table. No requests from research organisations have been approved during this time. The information provided from the NDNAD was anonymised (i.e. no details enabling individuals to be identified were supplied to the commercial organisations).
Details of request 2006-07 Data requested by Cellmark Forensic Services to enable the further development of familial searching software. Data requested by LGC Forensics to enable the further development of familial searching software. Samples requested by LGC Forensics to enable the validation of a system to provide confirmation of rarely found types of DNA. Permission requested by Cellmark Forensic Services to provide profiles held by Cellmark to Cybergenetics. 2007-08 No requests approved 2008-09 No requests approved 2009-101 No requests approved 1 As at 30 June 2009
Fingerprints records are currently retained indefinitely on IDENT1 (the national fingerprint database) for persons arrested for a recordable offence, whether or not subject to a conviction or acquittal or no further action. Proposals on future retention policy are set out in the public consultation paper ‘Keeping the right people on the DNA Database’ published on 7 May 2009.
I refer the hon. Member to the reply I gave him on 30 June 2009, Official Report, column 165W.