Examination of Witnesses (Questions 216
TUESDAY 13 FEBRUARY 2001
Chairman: Good morning, Mrs France, Mr Bamford.
Thank you very much indeed for making the time to come to see
us. We do not see enough of you. We will try in the next Parliament
to put that right, those of us who are here, electors and whips
permitting. There has been a substantial change over the Criminal
Records Bureau (CRB) since we met here a week ago. The Government
has now decided it will not charge for volunteers who want to
get criminal record checks. We very much welcome that. It does
not of course dispose of all of the other issues around this.
216. One of the issues is the accuracy of the
material which is recorded. We had a very distinguished discussion
yesterday with the Minister of State, who recognised that there
is a problem there. I am going to throw at you a couple of quotes
from other statements made. The report On the Record, as opposed
to the programme, by the Chief Inspector of Constabulary said
"Overall the level and nature of errors, omissions and discrepancies
found were unacceptable", that is the Phoenix data. More
recently you have expressed concerns. You said to ACPO "Its
conclusions are alarming ... including figures showing that crime
record error rates ranged between 15 and 65 per cent and that
there were substantial delays in updating records in some forces".
Would you like to expand on that? Is there any point in the Police
National Computer (PNC) providing information to the Criminal
Records Bureau if the information is so plainly useless?
(Mrs France) Yes, of course there is a point. The
main point at the moment and in the short term is that it is better,
more regulated and will have a clearer way of setting standards
than the existing method of providing information at what I might
in shorthand call the top end. At the moment, for certain sorts
of jobs under a Home Office circular there is revelation of some
intelligence and criminal record information. That is the first
area at which certificates will be issued; they are what will
be called enhanced certificates. This system which is being set
up now is infinitely preferable in my view to the sort of fairly
uncontrolled, in the sense that there was not a clear structure,
process we are using at the moment. The difficulty comes with
the likely huge expansion of the use of criminal record information
when we get to basic level certificates and the fact that at the
same time a far wider audience will be looking at criminal record
information, an untutored audience which has not been used to
looking at that information and with no face-to-face opportunity
for the information to be checked before it has been issued. Those
are the reasons why I take a particularly increased interest in
sorting this out. I do have to make clear that my concern about
the accuracy of Phoenix data goes back beyond this issue of it
being the basic information for CRB.
217. Do you see the Phoenix database improving
in accuracy? How confident are you that the system, which we learned
yesterday will be made available by the end of the summer, is
going to provide a useful service within perhaps a year or two?
Certainly Charles Clark yesterday recognised there would be an
overlap between the commencement of the CRB service and any real
improvement in the accuracy of Phoenix. When he was pressed he
was unable, or unwilling certainly, to say when he thought Phoenix
data would be reasonably accurate.
(Mrs France) The accuracy of the data worries everybody
who has looked at it. You have two published reports so the facts
are not disputed. The accuracy leaves a lot to be desired. It
leaves a lot to be desired for complex and varied reasons, not
least because those inputting it often do not have any investment
in the accuracy of what comes out at the other end of the system.
We see that happening in all sorts of places where I am responsible
for looking at accuracy of personal data. If the people inputting
it do not really understand the value of it at the other end of
the process, then there is a problem. This could be put right,
but it does require some concentrated attention. It does require
some tight timetables and it will require the use of resources
within that timescale to sort things out. We were pleased to see
reference to strategies in HMI's report and the fact that the
Association of Chief Police Officers accepted the importance of
this and that forces would put forward strategies to ensure that
proper attention is given to this data. I remain to be convinced
that the necessary work will be done in a suitable timescale.
We had meetings at the end of last week in fact with the Home
Office, Her Majesty's Inspectorate and ACPO. Jonathan Bamford,
my Assistant Commissioner here, is going to take forward work
particularly with HMI and ACPO to make sure we do see a focus
on getting those strategy plans in place and properly resourced.
The problem is not only at the police force end and I do think
this is important. There is importance in making sure that input
data is accurate, that there are not huge time lags, that it is
understood that all the data is needed, including items which
might not seem important. Let us take something like postcode.
It might seem a tedious thing to put into the record, but when
you are faced with millions of applications, when we get to the
basic level certificate, however careful CRB have been to be satisfied
that you are the person you say you are in applying for a certificate,
if there are inaccuracies historically in how the record was sorted
out, then that does not help to make sure you get the right information.
That sort of thing needs to be sorted out. The other end of the
process that needs attention is weeding the existing record. That
is something which is the responsibility as I understand it of
PITO, which is an agency of the Home Office. Both ends of the
process need to be addressed.
218. It is encouraging that someone is beginning
to get a grip on this. We also know that the provision of soft
information is very important and we have become aware of the
fact that Hamilton, for example, had been rejected by the scouts
in Dunblane primarily because of soft data, certainly not because
of anything on the Phoenix database because he did not have a
criminal record. How comfortable are you with the provision of
soft data? Could there not be abuses?
(Mrs France) It is always going to be difficult when
you are talking about what is intelligence data of one kind or
another. My understanding is that that is only for the enhanced
certificates, so we are talking about certain categories of employment,
particularly exposure to children. That is the position as I understand
it now, although not issued through CRB, and Chief Officers have
to take a decision as to what information they are going to pass
on and in what way. My particular concern is what happens to this
information once it passes to the potential employer. I use that
term broadly, because obviously in the voluntary sector it may
not be employment in the traditional sense. The individual will
see the certificate, will know what is on the certificate, could
challenge that certificate if necessary. He will not see the intelligence
information if to see it would prejudice the prevention or detection
of crime. I think you would all accept that is proper. It is making
sure that is properly understood. The Data Protection Act, section
29, allows an exemption from what we call subject access, if it
would inhibit the prevention or detection or crime ifand
I shall not go into the detail of it unless you want me to and
I hope I get it correct without quoting it preciselythe
purpose of holding the data is the statutory purpose. The problem
is that when it gets to the employer he is then holding it for
employment purposes. From a data protection point of view, we
should like the employer to hold that for a very, very short period
of time. He has no reason to hold it once he has taken a decision
on whether to employ or not to employ. He simply needs to know
whether there is reason to reject, whether there is reason not
to reject. We would expect that data then to be handled very carefully
and held for a very short period of time outside the CRB. We know
that the CRB code of practice recommends that it be held by them
for six months, but outside CRB I should like it to be held for
an even shorter period. Does that address your concern?
219. I think so to some degree. I was actually
going to come on finally to the Data Protection Act anyway. Information
is going to come from the Phoenix database held on the Police
National Computer, the DfEE, Department of Health and others.
How satisfied are you that this will comply with the Data Protection
Act once it is actually handed over to the CRB itself?
(Mrs France) When you ask whether it will comply with
the Data Protection Act, this is information that they are required
to give. It is information which is given to comply with the Police
Act requirements, it is only for the enhanced certificates. There
are issues of security which the Data Protection Act requires.
This is sensitive personal data and the seventh principle requires
that it be held securely and we would need to look at that.