TUESDAY 13 FEBRUARY 2001

MRS ELIZABETH FRANCE AND MR JONATHAN BAMFORD

  Chairman: Good morning, Mrs France, Mr Bamford. Thank you very much indeed for making the time to come to see us. We do not see enough of you. We will try in the next Parliament to put that right, those of us who are here, electors and whips permitting. There has been a substantial change over the Criminal Records Bureau (CRB) since we met here a week ago. The Government has now decided it will not charge for volunteers who want to get criminal record checks. We very much welcome that. It does not of course dispose of all of the other issues around this.

  216. One of the issues is the accuracy of the material which is recorded. We had a very distinguished discussion yesterday with the Minister of State, who recognised that there is a problem there. I am going to throw at you a couple of quotes from other statements made. The report On the Record, as opposed to the programme, by the Chief Inspector of Constabulary said "Overall the level and nature of errors, omissions and discrepancies found were unacceptable", that is the Phoenix data. More recently you have expressed concerns. You said to ACPO "Its conclusions are alarming ... including figures showing that crime record error rates ranged between 15 and 65 per cent and that there were substantial delays in updating records in some forces". Would you like to expand on that? Is there any point in the Police National Computer (PNC) providing information to the Criminal Records Bureau if the information is so plainly useless?
  (Mrs France) Yes, of course there is a point. The main point at the moment and in the short term is that it is better, more regulated and will have a clearer way of setting standards than the existing method of providing information at what I might in shorthand call the top end. At the moment, for certain sorts of jobs under a Home Office circular there is revelation of some intelligence and criminal record information. That is the first area at which certificates will be issued; they are what will be called enhanced certificates. This system which is being set up now is infinitely preferable in my view to the sort of fairly uncontrolled, in the sense that there was not a clear structure, process we are using at the moment. The difficulty comes with the likely huge expansion of the use of criminal record information when we get to basic level certificates and the fact that at the same time a far wider audience will be looking at criminal record information, an untutored audience which has not been used to looking at that information and with no face-to-face opportunity for the information to be checked before it has been issued. Those are the reasons why I take a particularly increased interest in sorting this out. I do have to make clear that my concern about the accuracy of Phoenix data goes back beyond this issue of it being the basic information for CRB.

  217. Do you see the Phoenix database improving in accuracy? How confident are you that the system, which we learned yesterday will be made available by the end of the summer, is going to provide a useful service within perhaps a year or two? Certainly Charles Clark yesterday recognised there would be an overlap between the commencement of the CRB service and any real improvement in the accuracy of Phoenix. When he was pressed he was unable, or unwilling certainly, to say when he thought Phoenix data would be reasonably accurate.
  (Mrs France) The accuracy of the data worries everybody who has looked at it. You have two published reports so the facts are not disputed. The accuracy leaves a lot to be desired. It leaves a lot to be desired for complex and varied reasons, not least because those inputting it often do not have any investment in the accuracy of what comes out at the other end of the system. We see that happening in all sorts of places where I am responsible for looking at accuracy of personal data. If the people inputting it do not really understand the value of it at the other end of the process, then there is a problem. This could be put right, but it does require some concentrated attention. It does require some tight timetables and it will require the use of resources within that timescale to sort things out. We were pleased to see reference to strategies in HMI's report and the fact that the Association of Chief Police Officers accepted the importance of this and that forces would put forward strategies to ensure that proper attention is given to this data. I remain to be convinced that the necessary work will be done in a suitable timescale. We had meetings at the end of last week in fact with the Home Office, Her Majesty's Inspectorate and ACPO. Jonathan Bamford, my Assistant Commissioner here, is going to take forward work particularly with HMI and ACPO to make sure we do see a focus on getting those strategy plans in place and properly resourced. The problem is not only at the police force end and I do think this is important. There is importance in making sure that input data is accurate, that there are not huge time lags, that it is understood that all the data is needed, including items which might not seem important. Let us take something like postcode. It might seem a tedious thing to put into the record, but when you are faced with millions of applications, when we get to the basic level certificate, however careful CRB have been to be satisfied that you are the person you say you are in applying for a certificate, if there are inaccuracies historically in how the record was sorted out, then that does not help to make sure you get the right information. That sort of thing needs to be sorted out. The other end of the process that needs attention is weeding the existing record. That is something which is the responsibility as I understand it of PITO, which is an agency of the Home Office. Both ends of the process need to be addressed.

  218. It is encouraging that someone is beginning to get a grip on this. We also know that the provision of soft information is very important and we have become aware of the fact that Hamilton, for example, had been rejected by the scouts in Dunblane primarily because of soft data, certainly not because of anything on the Phoenix database because he did not have a criminal record. How comfortable are you with the provision of soft data? Could there not be abuses?
  (Mrs France) It is always going to be difficult when you are talking about what is intelligence data of one kind or another. My understanding is that that is only for the enhanced certificates, so we are talking about certain categories of employment, particularly exposure to children. That is the position as I understand it now, although not issued through CRB, and Chief Officers have to take a decision as to what information they are going to pass on and in what way. My particular concern is what happens to this information once it passes to the potential employer. I use that term broadly, because obviously in the voluntary sector it may not be employment in the traditional sense. The individual will see the certificate, will know what is on the certificate, could challenge that certificate if necessary. He will not see the intelligence information if to see it would prejudice the prevention or detection of crime. I think you would all accept that is proper. It is making sure that is properly understood. The Data Protection Act, section 29, allows an exemption from what we call subject access, if it would inhibit the prevention or detection or crime if—and I shall not go into the detail of it unless you want me to and I hope I get it correct without quoting it precisely—the purpose of holding the data is the statutory purpose. The problem is that when it gets to the employer he is then holding it for employment purposes. From a data protection point of view, we should like the employer to hold that for a very, very short period of time. He has no reason to hold it once he has taken a decision on whether to employ or not to employ. He simply needs to know whether there is reason to reject, whether there is reason not to reject. We would expect that data then to be handled very carefully and held for a very short period of time outside the CRB. We know that the CRB code of practice recommends that it be held by them for six months, but outside CRB I should like it to be held for an even shorter period. Does that address your concern?

  219. I think so to some degree. I was actually going to come on finally to the Data Protection Act anyway. Information is going to come from the Phoenix database held on the Police National Computer, the DfEE, Department of Health and others. How satisfied are you that this will comply with the Data Protection Act once it is actually handed over to the CRB itself?
  (Mrs France) When you ask whether it will comply with the Data Protection Act, this is information that they are required to give. It is information which is given to comply with the Police Act requirements, it is only for the enhanced certificates. There are issues of security which the Data Protection Act requires. This is sensitive personal data and the seventh principle requires that it be held securely and we would need to look at that.