Police forces can keep a record of spent convictions on a single central database without breaking data protection laws, the Court of Appeals has said. Police would have had to delete a million records from their system if they had lost.
The Court reversed orders of the Information Commissioner’s Office (ICO) and the Information Tribunal, both of which said that the retention of records was in breach of the principles of the Data Protection Act (DPA) in five cases involving the records of old minor convictions.
Details of convictions are made available to some organisations when they perform a criminal records check.
The Court of Appeals said that the ICO had interfered too far in decisions that police forces alone should be making. Lord Justice Waller quoted with approval a previous Inquiry’s summary of the ICO’s approach.
“Police judgements about operational needs will not be lightly interfered with by the Information Commissioner. His office ‘cannot and should not substitute [their] judgement for that of experienced practitioners’,” that summary said.
“If the police say rationally and reasonably that convictions, however old or minor, have a value in the work they do that should, in effect, be the end of the matter,” said Lord justice Waller in his ruling.
“It is simply the honest and rationally held belief that convictions, however old and however minor, can be of value in the fight against crime and thus the retention of that information should not be denied to the police,” he said.
The cases hinged on two of the data protection principles (DPP) that underpin the Act. These were principles three and five, which say that organisations should not keep excessive data and should not keep it for longer than is necessary.
The ICO’s lawyer said that data should be retained only for “core” police purposes, which would not include keeping information for use later by the Criminal Records Bureau (CRB), Crown Prosecution Service (CPS) and the courts.
Lord Justice Waller said that the police’s notifications to the ICO about what processing of data they were carrying out made it clear, though, that these were amongst the purposes for which they held the data.
“It seems to me to be clear that one of the purposes for which the police retained the data on the PNC was to be able to supply accurate records of convictions to the CPS, the courts and indeed the CRB,” he said. “‘Rendering assistance to the public in accordance with force policies’ clearly covers the roles the police seek to perform in those areas and if there was any doubt about it the recipients include ‘Employers’ ‘the courts’ and ‘law enforcement agencies’.”
“If one then poses the question whether the Data being retained is excessive or being retained for longer than necessary for the above purposes there is, it seems to me, only one answer, since for all the above a complete record of convictions spent and otherwise is required. That seems to me to be a complete answer to the appeal,” he said.
Once the data is retained it can be shared with bodies listed by the Government under the Rehabilitation of Offenders Act, said Lord Justice Waller.
“The circumstances in which there will be disclosure are circumstances in which the Data Subject would be bound to give the correct answer if he or she were asked. It is not as it seems to me the purpose of the (DPA) to overrule the will of Parliament by a side wind,” he said.
The Court also considered the retention of the record of a girl who was reprimanded when less than 18 and told that her record would be deleted if she turned 18 without getting into further trouble. The ICO had said that the retention of her record after the age of 18 broke the DPA’s stipulation that processing be “fair”.
Two out of the three judges in the Court of Appeal said that police had not breached that principle of the DPA by keeping the records after she turned 18, notwithstanding her good behaviour.
See: The ruling