Feeds

How to delete your DNA profile

A cut-out-and-keep reference guide

Security for virtualized datacentres

It's a little known fact that it's possible to have your DNA profile removed from the National DNA Database (NDNAD). While the Police have processes to gather and retain DNA samples - they don't yet have a procedure to delete the DNA of innocent members of the public.

It's complicated - but for now, this is what you should do.

Over four million profiles have been added to NDNAD since 1995. Last year, 115 profiles were deleted and 667,737 added. In the last five years, 634 DNA profiles have been removed from the database, while 2,649,937 profiles were added. In other words, the number of DNA profiles removed is around 0.02 per cent of the number of profiles added in the period - where we have the information.

According to a document called the Step model - Retention guidelines, it is considered "exceptional" for an innocent citizen to have one's DNA sample destroyed, and the associated DNA profile removed.

Currently, the destruction of DNA samples and removal of DNA records are "completed by way of an approved form being sent [by a Senior Information Manager from the Metropolitan Police Service Specialist Crime Directorate 12 (MPS SCD 12)] to designated staff in each of the departments concerned who are aware of the exceptional case procedure, once deletion / destruction has taken place we are informed and subsequently we notify the applicant, there is no process map in existence for this practice."

My own fingerprints and DNA were added to the database on 2005-07-28 when I was arrested on the London Tube.

Then ensued a complaint to the Independent Police Complaints Commission (IPCC), an investigation, an appeal to the outcome and a final decision by the IPCC. The final decision, dated 2007-05-03, "requested that the Metropolitan Police Service reconsider your request for your records and samples to be physically destroyed and electronically deleted, and for the summary information in the Police National Computer to be expunged."

The Misconduct Office informed me, on 21 August last year, that they had agreed to this request. Department SCD12 confirmed that my fingerprints were destroyed and the entry on the fingerprint database was deleted on 2007-07-24, my DNA samples destroyed and the entry on the DNA database deleted on 2007-08-20 and my Police National Computer (PNC) record deleted on 2007-08-30.

If you read the previous paragraph carefully, you may notice that the Misconduct Office requested the exceptional case to be dealt with by SCD12 before informing me of its decision, and SCD12 appears to have been prompt. So it was no longer possible for me to witness the destruction and removal actions. Hopefully there was no break in communications, and all those involved did their job properly without making any mistake. The information I received, unfortunately, leaves room for interpretation.

For instance, there was mention of "DNA sample" (singular) when two mouth swabs were taken - most likely a shortcut. Another example is that SCD12 asks "departments", but the labs that are contracted to analyse the DNA samples and keeping them are not part of the Police and hence not departments, most likely another shortcut.

So how would I know that my DNA profile really had been deleted? One way to verify this would be to plant some of my DNA at a crime scene and wait for a knock at the door. Obviously this is an experiment I will not undertake. I'd much prefer to have (verifiable) specific assurances rather than assumptions, but instead I'll have to trust the Police and the labs they use.

To avoid others having to go through this same situation, I shared these concerns with the SCD12 Senior Information Manager. The outcome: "An exceptional case process map will be available on the MPS Publication Scheme early 2008."

Having a documented process in place instead of the current ad-hoc mechanisms will go some way to increase confidence in the efficacy of what must be a complex procedure. Unsurprisingly, the Information Commissioner's Office has also been keen for a long time for the Police to implement such a step-out (deletion) procedure.

Publishing a process - which describes in detail the actions to be taken by the Police departments and their contractors - will help ensure other innocents get fair and open treatment in getting off the NDNAD. This, in turn, will help make exceptional cases the norm. ®

David Mery, a technologist based in London, was arrested in July 2005 for "suspicious behaviour": carrying a rucksack, and his home computers were confiscated. He was released without charge. Last year he succeeded in having his DNA profile purged. His website is gizmonaut.net.

Intelligent flash storage arrays

More from The Register

next story
Scrapping the Human Rights Act: What about privacy and freedom of expression?
Justice minister's attack to destroy ability to challenge state
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
EU to accuse Ireland of giving Apple an overly peachy tax deal – report
Probe expected to say single-digit rate was unlawful
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
Hey Brit taxpayers. You just spent £4m on Central London ‘innovation playground’
Catapult me a Mojito, I feel an Digital Innovation coming on
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
EU probes Google’s Android omerta again: Talk now, or else
Spill those Android secrets, or we’ll fine you
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.