Sat, 29 Aug 2009

Notes on the PNC

Much information about the Police National Computer, some well-known, some less-so, can be found in the work of the Information Commissioner's Office and Information Tribunal. I am summarising below general information about the PNC obtained mostly from a July decision notice by the Information Commissioner about the National Police Improvement Agency (NPIA), from an older decision, from last year, by the Information Tribunal about five police forces, and from the NPIA (now the College of Policing).


The PNC is an intelligence system, designed to support operational policing. Statutory authority for the existence of the PNC is provided by the Police and Criminal Evidence (PACE) Act 1984:

27.—(4) The Secretary of State may by regulations make provision for recording in national police records convictions for such offences as are specified in the regulations.

The Chief Constables or Officers of the 43 England and Wales police forces through their Association of Chief Police Officers (ACPO) pool much of their collective intelligence on the PNC. The PNC holds conviction data gathered from the Courts (which are often referred to as ‘hard data’) and other data such as arrests and charges (which are often referred to as ‘soft data’) provided by Chief Constables. The latter includes "Non convictions summary". The PNC also identifies whether DNA and finger prints are held on an individual. The technology used is old and is planned to be updated. In addition each force has a variety of systems where intelligence is held locally. Each of the 43 police forces in England and Wales can add information to the PNC, and can also delete information.

Uses of information held on the PNC other than for operational policing purposes include providing assistance to the Crown Prosecution Service (CPS) (or any other prosecuting agency) in the prosecution of an offence, and the courts in the administration of justice; assisting organisations such as social services departments and probation services in multi-agency work to protect the public, in particular young and vulnerable persons; disclosure of information in the context of employment vetting to the CRB; and public safety and protection of life and property, for example assisting members of the public in discovering the whereabouts of missing persons.

The Europen Courts of Human Rights explained that records on the PNC are not only accessible to the police, but also to 56 non-police bodies, including Government agencies and departments, private groups such as British Telecom and the Association of British Insurers, and even certain employers. Furthermore, the PNC is linked to the Europe-wide Schengen Information System.

The PNC is not in itself a legal entity, it is a computer system maintained by the National Police Improvement Agency (NPIA). It was set up 35 years ago. The PNC contains records from a number of separate information databases. The information records stored on the PNC are described in a written answer as follows:

The PNC is a dynamic database which is constantly updated. According to the NPIA annual report and accounts 2008-09, the "PNC holds over 9.2 million nominal (people) records, 52 million driver records and 55 million vehicle records [and] PNC usage in the 12 months ending April 2009 was approximately 185 million transactions. However, according to information provided by the NPIA to the Information Commissioner in the past two years, there are "45,000,000 records on the PNC". Alan Campbell's figures in his written answer are close to those of the NPIA annual accounts.

Further details on the PNC Names database is found in the appendix of the PNC Code of Practice. The Names index holds data on persons who fall into one of the four categories below:

A record can be created for a number of reasons, including when a person:

A record can also be created in relation to a person who is missing in certain circumstances or has otherwise come to notice.

The PNC is an ADABAS (Adaptable Database System) management system. It does not use Structured Query Language (SQL) to search for information. Searches are carried out using ‘natural coded software’ using a QUEST (Querying Using Enhanced Search Techniques). A QUEST enables searches of the names database to identify suspects through the use of gathered information such as physical description and personal features. QUEST is not designed as a statistical tool; it is an operational tool used to identify offenders by inputting various descriptive parameters. The NPIA is able to run a QUEST to perform a tally of records within a set of given parameters. This function allows PNC operators to compare and contrast records within the descriptive parameters to define a search down to a reasonable number of responses. There is a display limit of 2000 responses for any tally. The PNC cannot be searched using free text fields.

PNC nominal records

The PNC is capable of recording more than 300 data items against an individual, including the offence, its code and the date it occurred. (The written answer states that the Names database has 253 fields available and that where fields are sub-divided, this has been counted as one data field - so these two figures may be consistent and are anyway of the same order of magnitude).

An Arrest/Summons reference number is generated by the PNC after the nominal details (name, birth date, sex and colour) are entered and the following mandatory fields are completed:

The type of information that may be recorded on the PNC is governed by Regulation 3 of the National Police Records (Recordable Offences) Regulations 2000 (SI 2000/1139):

3.—(1) There may be recorded in national police records—convictions for; and cautions, reprimands and warnings given in respect of, any offence punishable with imprisonment and any offence specified in the Schedule to these Regulations [see the post Recordable offences]. In paragraph (1) above—the reference to an offence punishable with imprisonment shall be construed without regard to any prohibition or restriction imposed by or under any enactment on the punishment of young offenders; “caution” has the same meaning as in Part V of the Police Act 1997; and “reprimand” and “warning” mean a reprimand or, as the case may be, a warning given under section 65 of the Crime and Disorder Act 1998. Where the conviction of any person is recordable in accordance with this regulation, there may also be recorded in national police records his conviction for any other offence of which he is convicted in the same proceedings.

Changes to the codes for crimes on the PNC is the responsibility of the National Identification Service (NIS), a centrally funded organisation within the Metropolitan Police Operational Information Service.

Information held in the PNC is subject to ‘weeding’ rules defined in the MoPI Guidance - Step model - Retention Guidelines. The information may be "stepped down", i.e. only open to inspection by the police, after defined time periods. The information may be deleted when a subject reaches 100-year old or when a case is considered "exceptional" enough.

The legal framework is permissive, not mandatory. Certain conviction information may be recorded in national police records; there is no statutory obligation to record conviction information, and nor is there an obligation to retain conviction information (either for any particular period, or indefinitely) once it has been recorded. Nor is the legislative framework comprehensive. Certain legal offences are not liable to imprisonment and are not specified in the Schedule to the Regulations, and hence they are not recordable. For instance, it is understood that the offences created by the Data Protection Act itself are at present not recordable. Therefore even if all recordable offences were recorded and retained indefinitely, the PNC would not be a comprehensive record of all criminal convictions.

PNC data integrity

The information held in the PNC is saved three times a week. Three ‘generations’ of data are kept at any given time. As a new generation of data is saved, the oldest generation is removed.

The NPIA do not retain a ‘snap-shot’ of the data on the PNC for any particular time.

The NPIA have an audit trail of changes made to the PNC which allows the contents to be recovered to its last iteration.

Changes to PNC software and those at database level (not to be confused with updates to individual records made by police users) are recorded in hand over documents which are retained for approximately 3 years.

At present, step down is a manual process. Where a record is stepped down from the PNC then conviction information is removed from the PNC, although a record of an individual’s name and other identifying information remains on the PNC. The individual’s record on the PNC would also include an indication that information has been stepped down. Information is held in paper records, not on computer, under the control of ACPO. It is intended that at some point in the future the step down process should operate automatically, not manually. What is envisaged is that stepped down information will be held on the PNC, but that special measures will be taken to ensure that it is only accessible to police users of the PNC.

NPIA's role in relation the PNC

The NPIA maintains and delivers the PNC and acts as a central resource for police forces. The NPIA maintains the ‘hardware’ of the PNC.

The NPIA does not determine policy in respect of the data recorded on the PNC. It is outside of the NPIA’s remit to dictate to police forces how data should be entered onto PNC; this is the responsibility of the Association of Chief Police Officers (ACPO).

The NPIA produces national plans. This does not involve interrogating data held on the PNC.

The NPIA use information from the PNC for the purpose of operational research, for and on behalf of police forces.

Within the NPIA are a number of organisations such as the Missing Persons Bureau (MPB) and the Serious Crime Analysis Squad (SCAS). These use the PNC in limited ways for their specific functions; for instance, the SCAS uses PNC information to obtain intelligence on known offenders and on suspects for outstanding serious crimes. They do not input data into the PNC. The PNC recorded 7,625 transactions by the NPIA SCAS and MPB during 2008.

Note that even though the NPIA argued "that it holds and is responsible for the PNC in its capacity as Data Processor and it is the individual police forces who are the Data Controllers", the Commissioner found in its recent decision notice that "Where information is held by a public authority, to any extent for its own purposes, then it holds that information otherwise than on behalf of information for the purposes of the Act." This means that, for instance, Freedom of Information requests about the PNC can be sent to the NPIA and not just to the police forces.

These notes about the PNC are a mash up of several sources, and in some instances they highlight inconsistencies in the information available. There's no obvious explanation for the discrepancy in the number of records, especially as the conflicting figures originally came from the same organisation, the NPIA. On a more general level, there seems to be two different understandings for the "PNC": either a database of arrested individuals and crimes, or a more encompassing system made up of several databases. While the latter may be more accurate, the former seems to be closer to the general understanding as well as to the scope defined in PACE 1984.

First published on 2009-08-29; last updated on 2014-10-08 (fixed dead links).

Bootnote: The Library of the House of Commons published, on 2014-04-15, the Standard Note The retention and disclosure of criminal records.

websiteblogblog archivenews feedfeedback