Sun, 13 Jan 2008

What happens to the NDNAD backups?

Several readers of How to delete your DNA profile (El Reg) have queried what happens to the backups of the National DNA (and IDENT1) database. Here's Wayne Sheddan:

Do you know how the fingerprint and DNA records are removed from the backup tapes? These still contain the records from when they are first entered until they are removed? It's one thing to delete the records from the online database, it's another thing altogether to eliminate them completely from all data repositories...

Knowing most organizations it's likely the records are even online in the test systems - since these are often just a restore from production at some point in time, and are often 'refreshed' using production backup tapes...

Deleted - but not gone...

If only for cost reasons, it is unlikely that any backup tape is ever expunged of ‘deleted’ data. Depending on the backup rotation scheme and the number of tapes used, the backed-up data may have a finite lifetime, and tapes degrade as they age and are eventually destroyed. Hence, it is likely that data such as fingerprints, DNA profiles and Police National Computer (PNC) records, when ‘electronically deleted’, remain on backup tapes for possibly several more years. Deleted - but not (entirely) gone...

Another reader even suggested that the Police might keep a database of deleted DNA profiles. For PNC records, this is the standard operating procedure! ‘The Retention Guidelines are based on a format of restricting access to PNC data, rather than the deletion of that data.’ The step-down model effectively makes the data appear deleted to all but the Police and for Enhanced Checks. However, it is most unlikely that the Police would maintain such a database of ‘electronically deleted’ records for ‘exceptional cases’ (as defined in these same Police guidelines), as it would be in complete contradiction to the statements they issue to each individual for whom they delete the DNA profile. Of course, if this procedure were to be changed in the future, all the records marked as stepped-down could be stepped back up.

Wayne Sheddan adds:

I just hope the legislation is such that records that have been deleted are subsequently inadmissible in court. I can just imagine the scenario where a restore is required, but the subsequent transaction roll-forward that contains the 'delete' commands fails - leaving the records in place again... the legal status of the records must thus be the primary protection for the citizenry [residents].

Current legislation authorises the Police in England and Wales to keep the DNA profiles they collect – of innocents and convicted alike – forever. So if such records were used in court, even after the Police promised they had been deleted, they likely would be admissible as long as they were collected and retained legally. You could of course complain and/or go to trial about the fact that the Police lied to you, but I'd expect that to be a separate matter entirely. (Reminder: I am not a lawyer and this is just my interpretation.)

This is yet another reason why the ‘exceptional case process map’, which the SCD12 Senior Information Manager promised me will be published early this year, is so important. When describing all the steps taken when deleting electronic records (and destroying samples), the document will, hopefully, also make clear what happens to the backups of deleted data. Publishing this process will also mean that innocents getting their DNA profile deleted will be treated fairly, as the process will be documented and the same for everyone in that situation.

P.S. Earlier this week, Professor Sir Alec Jeffreys, the geneticist who first found a way to identify people through their DNA two decades ago, told the BBC that ‘recent developments such as the retention of innocent people's DNA raises significant ethical and social issues.’
