In this article, we look at not just the story of how a staggering 400,000 police records were accidentally deleted but also at the wider picture of what information is held about us UK citizens by the authorities, and what powers we have over that data.


After first being reported in the Times newspaper, momentum has grown around the story of how it appears that due to “human error”, according to Home Secretary Priti Patel, some 400,000 police records have been deleted from the Police National Computer (PNC) database. When the story first broke, it was reported on some UK TV news broadcasts that 150,000 records had been deleted and that these were for people where no further action was needed on their cases anyway.

For example, policing minister Kit Malthouse has been widely quoted as saying that “the affected records apply to cases where individuals were arrested and then released with no further action, and we are working to recover the affected records as a priority”. Mr Malthouse has also said, however, that he is not entirely sure yet whether the loss of data of these police records could have an operational impact on the work of the police.

Types of Records

The types of records believed to have been deleted include 200,000+ offence records,175,000 arrest records, and 15,000 person records, as well as 26,000 DNA records, 30,000 fingerprint records, and 600 ‘subject’ records.

Human Error?

It has been reported that the human error that is being blamed for the mass deletion relates to mistakes made on a routine “weeding” session of surplus data and the running of “defective code”.

What Now?

Despite the deletions, it is understood that work is underway to write a new code to somehow restore the lost data.

Public Safety

Clearly, losing the records of potential or known criminals could jeopardise investigations and adversely affect UK justice and public safety as well as letting down victims of crime and their families.

Data Security

In addition to being a threat to public safety, the mishandling or loss of personal data is normally a matter for data security laws. In this case, the data has been deleted and so isn’t in danger of affecting the privacy of security of data subjects. That said, there is an important distinction to make between data handled by businesses and by law enforcement, and to clarify what the data law situation is following Brexit.

The introduction of GDPR saw UK businesses having to upgrade their understanding of (and dealing with) personal data. Since Brexit, the DPA 2018, which already enacts GDPR’s requirements in UK law has been amended by and merged with the DPPEC (Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit)) Regulations 2019 amends the DPA 2018. The new amended and merged post-Brexit data laws in the UK are now known as ‘the UK GDPR’.

Unlike data held and processed by UK businesses however, data held by law enforcement and for the purposes of national security is (according to the ICO) not covered by GDPR (i.e. UK GDPR), which is similar to being exempt. Police data, used for the purpose of investigating a crime, for example, is subject to the rules in Part 3 of the Data Protection Act 2018.

Exemptions and Your Data Rights

There is also an exemption in GDPR for the processing of personal data for the prevention and detection of crime. According to the ICO, if there had been a data breach from the police, the exemption under GDPR would mean that the police would not have to notify individuals of a personal data breach if that data had been processed as part of crime prevention and detection. In essence, this appears to suggest that if your data is stolen from a police computer, you don’t have the same rights as if it was stolen from a business computer (i.e. you have lost some of your data protection rights).

What Kind of Data is Stored Where?

This case has triggered questions about the kind of data that is stored about UK citizens by the police and other authorities, as well as where and how that data is stored.

Police ‘data’ could refer to criminal convictions, cautions warnings, and reprimands, but also includes biometric data such as fingerprints and photos, CCTV footage (your image is your personal data), mobile phone messages, texts, emails, other written documents and more.

Police data can be stored by the local police force in your area as well as one of many national databases including, as in this case, the Police National Computer (PNC) or the National DNA Database (NDNAD), National Fingerprints Database (IDENT1), Custody Suite Imaging System (CSIS), and more databases besides.

For How Long?

According to the UK’s College of Policing, information about how long your data can or should be kept by the police is guided by a principle rather than a hard and fast rule, although a policy setting standard retention period should be set “wherever possible”. The "Fifth principle” of data storage limitation says that for law enforcement and general processing personal data should not be retained for longer than it is needed, and police need to be able to justify how long personal data is retained for, depending on the purposes for holding that information. This principle acknowledges that individuals have a right to erasure if that information is no longer needed although it also states that “personal data can be kept for longer if the police are only keeping it for public interest archiving, scientific or historical research, or statistical purposes”. For Biometric Data (i.e. fingerprints and DNA) in most cases, the Protection of Freedoms Act 2012 amends to the Police and Criminal Evidence Act 1984 (PACE) to allow police in England and Wales to keep a person’s biometric information indefinitely.

Criminal Records Check

Employers can request a basic, standard, or enhanced AccessNI check from the police records which discloses different types of information about a person’s criminal record history. Basic and standard checks can take about 10 days whereas an enhanced check can take about 3 weeks. Convictions for certain crimes will appear on these checks but some cautions, fines, offences and spent convictions won't appear.

The different levels of checks are:

Basic - for details of all convictions considered to be unspent.

Standard - containing details of all spent and unspent convictions, informed warnings, cautions and diversionary youth conferences.

Enhanced - contains the same information as a standard check and police records held locally. This type of check is usually required for work with children and vulnerable adults, the check may include information held by the Disclosure and Barring Service (DBS).

Requesting Your Data To Be Removed From Police Records

There are some circumstances under which a persons’ data, including biometric data in some cases, can be removed from police records on request. These circumstances are detailed here: and guidance about the process is given here:

Freedom of Information Request

In addition to much of the work of the police being kept secret for obvious reasons, much of the work of the UK government is also subject to laws relating to (national) security and privacy, although there is a wish to allow transparency where possible and where risks are minimised. The government actively publishes a lot of information and engages with the media as part of this transparency process.

Sometimes there are situations where individuals and organisations would like to find out more from the government (or the police) than what has been published or made freely available. As the Institute for Government says, “Freedom of information, parliamentary questions and ministerial correspondence are important mechanisms through which Parliament and the public can get information out of government”.

The Freedom of Information Act 2000 allows members of the public and press to submit Freedom of Information requests (FOI). If certain conditions are met, public authorities are then required under this act to release any information they hold relating to the request. The Freedom of Information Act applies to government departments and the executive agencies and public bodies they sponsor, parliament, the armed forces, devolved administrations, local authorities, the NHS, schools, universities, and police forces.

Submitting a Freedom of Information Request

Anyone can submit a Freedom of Information request (FOI) and there are no restrictions on nationality, residency status or age. A request must ideally be made in writing (or verbally if writing is really not possible) and be sent directly to the relevant organisation, stating clearly what information is being requested, providing the requester’s real name with a valid address (postal or email) to where the reply can be sent.

If the recipient (e.g. a government department) decides that the request is resolvable, it may choose to either provide all or just some of the information that has been requested and it may decide to withhold some or all the information that has been requested.


Government departments usually receive up to 8,000 Freedom of Information requests every quarter. In Q2 of 2020, for example, 6770 requests were received by the UK government. Only 4956 of these were deemed to be resolvable and 1884 of these resolvable requests were withheld in full. Guidance on submitting a Freedom of Information Request (FOI) can be found here:

Looking Ahead

At the time of writing this article, the matter of the deleted 400,000 police records is still ongoing and information about the incident is still being gathered. At the same time, questions are currently being asked about matters of responsibility and when the Home Secretary is going to be made available to answer questions about the incident.

The implications of this mass deletion of offence, arrest, person, fingerprint, and DNA records could be that the solving of other crimes committed by known offenders may not be possible because the data is no longer available to cross-reference. The loss may also already be having an immediate impact on fighting crime as data from the Police National Computer (PNC) is used in real-time checks. The best-case scenario now is, of course, that the data can be restored and that procedures are changed to make sure that the same error can’t happen again. If the data cannot be restored this could be a major blow to law and order which could adversely affect individuals, communities, and businesses, and represents a frustrating waste of valuable time, effort, and police resources in gathering the data in the first place.


Global tech market analysts Canalys have reported that the worldwide PC market has received its biggest sales boost in 10 years as remote working fuels the ongoing digital transformation.

Highest Full-Year Growth Since 2010

Canalys reported on 11 January that the global PC market ended 2020 on a high with 25 per cent sales growth in Q4 of desktops, notebooks and workstations reaching 90.3 million units, and that total PC shipments in 2020 grew 11 per cent to reach 297.0 million units. Canalys reports that this is the highest full-year growth since 2010 and the highest shipment volume since 2014.

Lenovo Top

Lenovo tops the Q4 sales market with 23.1 million units and year-on-year growth of 29 per cent, followed by HP in second place with 19.1 million units shipped, Dell in third place with 50.3 million units shipped (up 27 per cent), Apple in fourth place (22.6 million devices shipped) and Acer in fifth place, shipping 20.0 million devices. Canalys reports that just these top 5 vendors accounted for 78.5 per cent of PC shipments in 2020.


Most tech commentators agree that the pandemic has revived what was a declining PC market. Back in November, for example, International Data Corporation (IDC) research indicated that shipments of EMEA traditional PCs (desktops, notebooks, and workstations) would total 82.1 million in 2020, a 12.7 per cent year-on-year growth due to the increased demand caused by the need for people to work at home during the pandemic.

Digital Transformation

A survey by Studio Graphene in September 2020 showed that the need to quickly shift staff to working from home because of the lockdown appeared to be a driver and an accelerator of digital transformation for businesses. The survey showed that nearly half (46 per cent) of business leaders said that said Covid-19 had driven the most pronounced digital transformation that their businesses had experienced.

This Year

Even though the pandemic has caused some supply chain issues, there have been innovations on chipsets and the demand for devices has continued to remain strong into 2021, as it is expected to do for at least the first quarter. Some commentators have noted how the shift by many businesses to an indefinite remote working environment, coupled with factors like the need to educate children at home, look like favouring more mobile than stationary devices, going forward. That said, and as the sales figures show, PCs have been at the heart of a very large global digital transformation and as Rushabh Doshi, Canalys Research Director says, “the PC industry caters to a broader range of customers that bring with them new behaviours and use cases”.

What Does This Mean For Your Business?

Prior to the pandemic, PC sales were in decline but the need for people to work from home has provided a massive boost to PC sales. As the second peak has been even worse than the first and with more infectious new strains emerging, this shift to remote working has meant that PC businesses and their supply chains have thrived and struggled to meet demand. Many business customers have undergone an accelerated digital transformation, have put technology at the heart of their operations and have made changes to their whole businesses where possible that could see a more permanent shift to a remote workforce using PCs and other devices, thereby ensuring that the curve in PC sales does not dip for some time yet.


If you are asking what is this, we wouldn’t blame you.  What it will do for you is secure your accounts from easy hacking.  

We recommend you put it in place on your email and IT accounts (e.g. Gmail, office 365 etc.).

For instance, let’s say you have a Gmail account for your personal or work email.  You log onto it with a password and get in.  What if someone can guess your password, or has hacked you?  Alternatively, if when you go to login the Gmail sends you a text message and gives you a code to put in, which you then do as well as your password, how secure does that sound.   Read more about it here on Microsoft’s blog


Contact Us

Office - 0121 285 5626

Pure Offices, Broadwell Road, Oldbury, West Midlands, B69 4BY

Office / Mobile - 0121 270 5626

© 2018 Data Innovations Ltd. All rights reserved.

  • Facebook - Grey Circle
  • Twitter - Grey Circle
  • LinkedIn - Grey Circle