§ Mr. BennettTo ask the Secretary of State for the Home Department what bodies other than police forces have access to the police national computer or criminal records; what safeguards exist against misuse; and what sanctions can be taken to remove access when individuals or organisations misuse the data. [20583]
§ Mr. MacleanThe following bodies other than police forces currently have direct access to the police national computer:
- HM Customs and Excise
- The Driver and Vehicle Licensing Agency (vehicles application only)
- National Ports Office
- National Identification Service
- Scottish Criminal Record Office
- National Criminal Intelligence Service
- Regional criminal intelligence offices
- Regional crime squads, including the Scottish crime squad
The following four organisations have access for maintenance, development, or training purposes only:
- Hendon data centre
- Home Office technical and policy division
- Central police national computer training centre
- Police staff college, Bramshill
In addition, I announced to the House on 22 March at column 200 that limited direct access for security vetting purposes would be made available to six Government Departments and agencies. Data on stolen vehicles is also supplied directly on tape from the police national computer to HPI (Equifax), CCN Group Limited and the Association of British Insurers.
All data on the police national computer so far as it relates to identifiable individuals is subject to the provisions of the Data Protection Act 1984, and the provisions of the Computer Misuse Act 1990 are also relevant. All transactions undertaken on the police national computer are automatically logged. Security arrangements are formalised in access agreements which have been or will be concluded with each user. These agreements specify, amongst other matters, the purposes for which the data may be used, security procedures, and arrangements for audit, including external compliance audits to be conducted by Her Majesty's inspectorate of constabulary. Provisions exist for terminating direct access should this prove necessary.
There are also statutory and administrative arrangements under which the police conduct criminal record checks on individuals on behalf of a range of employers and licensing authorities, without the recipients of the information having direct access to the police national computer. These bodies are listed in the 567W applications for registration completed separately by each data user and subsequently entered on the register held by the Office of the Data Protection Registrar.