Select Committee on Home Affairs Written Evidence


APPENDIX 16

Memorandum submitted by LGC Ltd

1.  EXECUTIVE SUMMARY

  1.1  The Select Committee has invited comment on a broad range of issues surrounding the "Surveillance society", following last year's report by the Information Commissioner. This response represents the views of LGC Ltd, one of the two main suppliers of expert forensic services to law enforcement agencies, regarding the handling of information associated with the operation of databases. This is primarily based around our experiences as one of the core suppliers of DNA profiles to the National DNA Database (NDNAD).

  1.2  We recommend that, when databases are being planned, careful attention should be paid to the design of data flows to ensure that the data provided to individuals or organisations is the minimum necessary to permit them to perform their role within the overall process. In particular, only a limited number of authorised individuals at the core of a database should be able to link personal data to the individual concerned.

2.  THE NATIONAL DNA DATABASE EXPERIENCE

  2.1  There can be no doubt that the development of the NDNAD has provided a valuable tool to underpin the work of the police. The current system of operation embraces input from a range of DNA processing laboratories, including private sector laboratories, within a rigorously specified and assessed quality structure. This approach has brought all the benefits of competition into play, resulting in unit prices low enough to permit the routine application of DNA technology in volume crime and sample processing turn-round times measured in days or hours, rather than weeks or months. The effectiveness of the system is routinely demonstrated and is on a par with that of the national fingerprint and palmprint system "Ident1". As a result, the UK NDNAD is the envy of law enforcement agencies around the world.

  2.2  The systems developed to support the operation of the NDNAD also provide a model for the development of other databases to support UK law enforcement. The transformation of the Home Office's DNA Expansion Programme into the Forensic Integration Strategy reflects the move to support additional forensic databases, such as a national footmark database, a National Ballistics Intelligence Database (NABID) and a National Injuries Database.

  2.3  However, there is operational experience which has arisen over the life of the NDNAD which should be taken into consideration as additional databases are developed. In particular, there are issues surrounding the transfer and security of data and samples where we think that appropriate design of future systems could minimise the potential risk of inappropriate access to or use of information.

3.  OVERSIGHT OF THE NDNAD

  3.1  When the NDNAD was originally established in 1995, there was only a single authorised supplier of profiles, the Forensic Science Service (FSS), which was at that time a Government agency. The single suppler was unable to cope with the demand for sample processing and backlogs rapidly built up, to the point where turn-round times were in excess of six months. When a newly-privatised LGC offered to invest to provide additional processing facilities in 1996, a set of authorisation criteria for potential suppliers of profiles was developed by the FSS, including accreditation and proficiency testing requirements. Once LGC was able to offer its services to police forces, the processing capacity available expanded, turn-round times rapidly fell and the benefits of a competitive market began to become apparent. Other suppliers have subsequently been authorised to submit profiles to the NDNAD.

  3.2  The role of "Custodian of the NDNAD" was created to safeguard the integrity of the Database, including setting standards for suppliers of profiles. Initially, this role was associated with the NDNAD within the FSS but, as the status of the FSS changed from a Government Agency to a Trading Fund and then to a Government-owned Company, this led to increasing tensions as other suppliers came to regard the FSS as being in an ambiguous, and privileged, position, as they were effectively regulating a market in which they were also competing as a service supplier. The Custodian role has therefore been separated from the FSS, and now sits within the newly-created National Policing Improvement Agency (NPIA). Although the FSS continues to provide some key supporting services to the NDNAD, such as IT support, the separation of roles is essentially complete, and the FSS is one supplier among others, all providing profiling services to the NDNAD within a closely regulated quality and security structure.

  3.3  The structure which has evolved therefore consists of a range of quality-accredited suppliers profiling samples on behalf of police customers, with profiles being submitted to a central Database, and the resulting "matches" being sent by the Database back to the police forces.

  3.4  Where there have been attempts to establish within a single commercial organisation other databases which were unarguably national in nature, as was initially the case with both the footmark and the Ballistic Intelligence databases, it rapidly became apparent that this was both commercially and strategically inappropriate, and that the NDNAD model was preferable.

  3.5  We feel that the model that has been achieved, with an independent Custodian within Government setting standards for, and overseeing the operation of, a range of service suppliers from both the public and private sectors, represents an extremely effective system for operating a national database structure.

4.  NDNAD SUBJECT SAMPLE PROCESSING

  4.1  In the case of samples collected from individuals for processing for addition to the NDNAD, the current system involves a police force submitting a DNA sample, typically in the form of a mouth swab, to the processing laboratory, together with a card carrying details of the donor. Both the sample and the card carry an unique bar-code number. The card also carries a numerical link to any associated Police National Computer entry (the "arrest/summons number" or ASN) as well as details of the donor, including name, date of birth, ethnic appearance and the type of offence involved.

  4.2  In addition to processing the sample and submitting the resulting DNA profile to the NDNAD, the laboratory is required to capture some of the data from the card to submit to the NDNAD with the profile and to store both the residual sample and the card. This means that each processing laboratory holds a store of samples of individuals' DNA and a store of data about the individuals.

5.  TOO MUCH INFORMATION?

  5.1  The laboratories do not need all of the data about the donor which is provided to them in order to be able to process the samples. The unique (and anonymous) barcode should be sufficient to identify the sample and to link the profile produced to the sample and therefore to the individual donor. In practice, it is accepted that any system involving large-scale sample and data collection and transfer can be prone to error, such as occasional inadvertent "sample swaps", so some additional data is of value in case it is necessary to resolve a discrepancy. However, this could be limited to a less specific identifier than a donor's name, for example a date of birth.

  5.2  The residual samples are retained in case rework is required, including reprocessing for quality assurance. The ability to re-profile samples is of undisputed value, but storage of samples, containing the full DNA of donors, has raised issues of security, access and approval for use.

6.  MANAGING THE DATA

  6.1  The data-related issue which emerges is how the flow of sample-related data is managed, that is, which parts of the overall data held on an individual are required by each organisation within the data handling chain. Although all the data gathered during the processing of DNA subject samples is necessary at some point, not all data is required by all participants in the process. There is therefore a case for a "data audit" when establishing the flow of data to underpin a database, to review which aspects of the overall data needs to pass to and/or be held by each organisation involved. This contrasts with a "one size fits all" approach, involving access to a data package containing all the data required by all participants, so that each organisation within the data-handling chain can abstract the data they need.

  6.2  We consider that, as the total amount of data held on individuals increases, this should not automatically be passed from one agency to another as a bundle to be "mined" by the receiving agency for the aspects that they require. There should instead be an effort to pre-screen data flows on a "need to know" basis, so that the total information available at each location is minimised.

  6.3  The presumption should be that only those data points which are necessary for them are disclosed to each participant in the chain. In particular, the identity of the individual involved should ideally be encoded in such a way that those engaged in sample or data processing are not aware of the identity of the individual and only those authorised staff at the operational centre of, for example, law enforcement are in a position to link the various components of the data to the individual concerned.

  6.4  Similarly, where samples are involved which potentially contain additional information about the donor, access will be required by processing organisations when they conduct their work, but any long-term storage should be undertaken only in closely-controlled repositories, to minimise the potential for unauthorised access.

7.  SUMMARY

  7.1  Efficient construction and operation of databases will usually require the involvement of a variety of organisations, from within Government and the private sector. In addition to the usual arrangement for security vetting the individuals with access to data, any potential for "leakage" of information can be minimised by careful attention to the design of data flows and, in particular, by ensuring that only a limited number of authorised individuals at the core of the Database are able to link data back to the individual concerned. Although some details of its operations are still subject to debate, the National DNA Database has evolved to a position where it can offer a valuable model for the design and construction of future databases holding information about individuals.

April 2007





 
previous page contents next page

House of Commons home page Parliament home page House of Lords home page search page enquiries index

© Parliamentary copyright 2008
Prepared 8 June 2008