An independent report has called on the government to urgently replace the Police National Computer (PNC), following a major incident in January in which an engineer accidentally deleted the records of 209,550 offences.
The PNC was set up 47 years ago and is used for employee criminal background check services, but the incident created a situation in which many candidates might have been able to take up job offers because their criminal records were removed from the database. Fortunately, the records, including arrest details, fingerprints and DNA data, have all been recovered.
Leading the enquiry, former chief of the Metropolitan Police Lord Hogan-Howe concluded that the “critical incident” was caused by a combination of “human error” and management-level failings.
However, much of the focus has been on the computer itself. Set up in 1974, it may have been state-of-the art in its time, but the need for a replacement was already evident. Indeed, the government does have plans in place to do this, but the new system is expected to take two years to emerge.
According to the report, this change needs to happen sooner. It has called for the Home Office to come up with a plan for the overhaul or replacement of the system within eight weeks.
Part of the problem is that, notwithstanding some updates, the PNC was still criticised as being “inflexible” and, due to its age, its operation was dependent on a “diminishing skills base” of software engineers with an understanding of how the 1970s technology operated.
This led to the situation where engineers carrying out a legally-required system update made one single error in coding, which caused the deletion of the records.
Noting that the team involved in running the system “have worked together over a long period of time”, the report stated that management would have relied on the “expertise and closeness” of the team. This made it much more likely that “their work would be accepted rather than checked by a leadership that was in a poor position to challenge their decision-making”.
Home secretary Priti Patel has said the upgrade of the Home Office databases is a priority, with a number of IT systems requiring modernisation.
She told the Home Affairs Committee in January that the issue has been “neglected by successive governments for far too long.”
Ms Patel added: ”The infrastructure is absolutely, as we have seen from the Police National Computer issue, out-of-date, struggling, and we have to absolutely update our systems.”
When the problem was first discovered in January, it was estimated that around 150,000 records had been lost. It was swiftly identified as an internal error and not the result of a cyber attack.
Speaking to IT Pro in response, systems engineer manager at data management company Cohesity Ezat Dayeh said: “It is hard to believe that there is no protection, no backup and no policies that would prevent this kind of data being lost,” adding that “questions need to be asked” if it was not possible to recover the data.
At Agenda, Criminal Record checks form just one part of a package of checks we carry out for most of our clients. Our holistic approach to marrying up checks will identify anomalies, meaning you have enhanced protection from this type of threat.