Nick Thomas-Symonds
Main Page: Nick Thomas-Symonds (Labour - Torfaen)Department Debates - View all Nick Thomas-Symonds's debates with the Home Office
(3 years, 11 months ago)
Commons ChamberI am grateful to the policing Minister for his statement and for advance sight of it, and I am grateful to him for his briefing over the weekend, but I must ask where the Home Secretary is. The loss of hundreds of thousands of pieces of data—data so important for apprehending suspects and safeguarding vulnerable people—is extraordinarily serious. It was the Home Secretary who needed to show leadership and take control. That is what previous Home Secretaries have done in a crisis. On the Passport Office, Windrush and knife crime, whatever their mistakes, Home Secretaries came to and answered to this House; they did not just offer a media clip, as has happened today. This Home Secretary, who is failing on violent crime and failing on the Windrush compensation scheme, with chaos on border testing, and who was found to have broken the ministerial code, will now not even answer to Parliament and the public on this most serious of issues. The Home Secretary likes to talk tough, but when the going gets tough, she is nowhere to be seen.
Will the Minister tell us when the Home Secretary first knew about the data loss and why the public had to find out from the media? Given that the initial reports were of 150,000 items of data, and the figure now seems to be over 400,000, can the Minister be sure of how much data has actually been lost? In his statement, the Minister said that on 10 January the process of deletion was stopped, but will he confirm that the faulty script was introduced into the police national computer on 23 November, meaning that the problem was not identified for 48 days?
The Minister said in his statement on Friday that
“the loss relates to individuals who were arrested and then released with no further action”.
This is serious in itself. For example, let us consider cases of domestic abuse: when suspects are released, the data becomes very important to protecting victims and making further arrests. In a letter, Deputy Chief Constable Malik, the National Police Chiefs Council lead for the police national computer, said that the deleted DNA contains
“records…marked for indefinite retention following conviction of serious offences.”
This is, therefore, not only data on individuals released with no further action; it includes data about convicted criminals, so will the Minister now correct the statement that he issued on Friday?
Will the Minister confirm whether 26,000 DNA records and 30,000 fingerprint records held on separate databases have been deleted? Will he assure the House that the engagement with the PNC to delete the Schengen information system—SIS II—database was unrelated? What is the full impact on the UK visa system from the data loss, and how is it affecting ongoing police investigations and intelligence gathering?
The PNC and the police national database are due to be replaced by the national law enforcement data programme, but the assessment by the Infrastructure and Projects Authority is that the successful delivery of the project is in doubt. Is it still in doubt? If so, why? There are reports that 18 months ago senior police outlined that the Home Office was not investing in the PNC and that it presented a significant risk to the police’s ability to protect the public. Was that warning heeded?
Finally, if it is not possible to recover data via the process currently under way, what contingency plans are in place to seek to recover the data via other means? Does the Minister accept that maintaining the security of this vital data is critical to addressing crime, bringing criminals to justice and keeping our communities safe, and that if the Home Office is not doing that, it is failing the public?
The hon. Gentleman has given me a long series of questions, which I shall try to answer as efficiently as I possibly can. Once the error became clear to the team, they escalated it up through the Home Office, first of all on Monday, and then through Wednesday into ministerial and other offices, in accordance with normal protocols.
As to the scale of the data, while the figure of 400,000 has been quoted, that is an accumulation of the various bits of information that may or may not have been deleted. As I said, a number of bits of information may apply to one individual, so the number of individual records on the PNC that might be affected could be smaller, but we will not know exactly until later this week, once the programme that is being analysed has come to an end.
As for when the script was introduced, that was indeed six weeks prior to what is called the weeding date, which is when the deletion was due to take place. That is standard practice, to load the script into the system some weeks before it is due to run. It did not run until the Saturday, when the error within it became immediately apparent.
As to the records that are affected, I am informed that the records that have been deleted are those that relate to people who were apprehended or put under investigation by the police. When there was subsequently a declaration of no further action to be taken, if there were prior convictions or offences on the police national computer, my information—what I have been told thus far—is that that those will remain. Only information relating to that specific incident, which was no further action, may or may not have been deleted. To a certain extent, that helps to mitigate some of the risk.
It is also worth pointing out that, as I said in my statement, there are other databases, both locally and those held nationally, such as IDENT the fingerprint database or the national DNA database, which may also be searched. The PNC draws its data from a number of other databases and when, because of our legal obligations, a deletion request is put on to the police national computer, it cascades deletions down through the other databases in accordance with the law. Those subsequent deletions were halted immediately, and that should help us, we hope, with recoverability of the dataset.
The hon. Gentleman asked about SIS II. That is indeed unrelated, and visa processing was suspended for approximately 24 hours. Everybody whose customer service threshold could not be met as a consequence of that was informed, but processing was resumed pretty quickly. We are assessing the impact on ongoing police investigations, while we analyse the report that has been run, which will give us the full picture of what has actually happened on the system.
Having said that, policing partners and the Home Office have put in place mitigations, not least informing other police forces—as Nav Malik did—that they should be making subsequent checks of their own and other databases, not least the police national database, which is a separate database from the police national computer and holds intelligence and other information.
On the national law enforcement data project, the replacement of the PNC, while that process has had its fair share of problems, it is fair to say we have undergone a reset. There is now a renewed sense of partnership working between the Home Office and the police, to make sure we get that much needed upgrade in technology correct.
The hon. Gentleman’s final point was about accepting the maintenance of data. He is absolutely right: we accept that it is very important that we, and indeed police forces and other governmental bodies that hold people’s personal data, do our best to maintain its integrity and to do so as faultlessly as possible. In these circumstances, we were attempting through this code to comply with our stringent legal obligations to delete personal data where it cannot be held by us or by other databases. Sadly, human error introduced into the code has led to this particular situation, which we hope is rectifiable. I am more than happy to keep the hon. Gentleman updated, as I did on Saturday afternoon, when I briefed him.