Skip to main content

Data Storage

Volume 699: debated on Monday 18 February 2008

asked Her Majesty's Government:

Which companies they currently use to undertake analysis and storage of biological samples; which other companies they are considering for the purpose; and what safeguards and assessments are in place to ensure the safe storage of data. [HL1518]

The organisations that are at present accredited to provide DNA profiling services to the police forces of England and Wales are Forensic Science Service Ltd, LGC Forensics, Orchid Cellmark and Forensic DNA Services Ltd. Some other companies are currently being considered but cannot be named for reasons of commercial confidentiality. All the organisations used by the National DNA Database Custodian (housed within the National Policing Improvement Agency) to provide DNA analysis and storage are subject to a robust accreditation process.

The police service uses other organisations for analysis and storage of biological samples other than DNA—for example, for forensic toxicology and testing for drink or drug driving offences. Police forces require these organisations to adhere to relevant standards laid down by the United Kingdom Accreditation Service (UKAS). A full list of these organisations could be provided only at disproportionate cost.

The Written Ministerial Statement of 21 November 2007 notes that the review by the Cabinet Secretary and security experts is looking at procedures within departments and agencies for the storage and use of data. A Statement on departments' procedures will be made on completion of the review. An interim progress report on the review was published by the Cabinet Office through a Written Ministerial Statement on 17 December 2007 (Official Report, Commons col. 98WS). This included a recommendation regarding enhanced transparency with Parliament and the public about action to safeguard information and the results of that action, through publication of results, departmental annual reports and an annual report to Parliament.

It is not in the interests of the UK's national security for departments to provide details of the security measures used to protect their IT systems. This may assist persons interested in testing the effectiveness of the UK's IT defences.