Feeds

How to delete your DNA profile

A cut-out-and-keep reference guide

High performance access to file storage

It's a little known fact that it's possible to have your DNA profile removed from the National DNA Database (NDNAD). While the Police have processes to gather and retain DNA samples - they don't yet have a procedure to delete the DNA of innocent members of the public.

It's complicated - but for now, this is what you should do.

Over four million profiles have been added to NDNAD since 1995. Last year, 115 profiles were deleted and 667,737 added. In the last five years, 634 DNA profiles have been removed from the database, while 2,649,937 profiles were added. In other words, the number of DNA profiles removed is around 0.02 per cent of the number of profiles added in the period - where we have the information.

According to a document called the Step model - Retention guidelines, it is considered "exceptional" for an innocent citizen to have one's DNA sample destroyed, and the associated DNA profile removed.

Currently, the destruction of DNA samples and removal of DNA records are "completed by way of an approved form being sent [by a Senior Information Manager from the Metropolitan Police Service Specialist Crime Directorate 12 (MPS SCD 12)] to designated staff in each of the departments concerned who are aware of the exceptional case procedure, once deletion / destruction has taken place we are informed and subsequently we notify the applicant, there is no process map in existence for this practice."

My own fingerprints and DNA were added to the database on 2005-07-28 when I was arrested on the London Tube.

Then ensued a complaint to the Independent Police Complaints Commission (IPCC), an investigation, an appeal to the outcome and a final decision by the IPCC. The final decision, dated 2007-05-03, "requested that the Metropolitan Police Service reconsider your request for your records and samples to be physically destroyed and electronically deleted, and for the summary information in the Police National Computer to be expunged."

The Misconduct Office informed me, on 21 August last year, that they had agreed to this request. Department SCD12 confirmed that my fingerprints were destroyed and the entry on the fingerprint database was deleted on 2007-07-24, my DNA samples destroyed and the entry on the DNA database deleted on 2007-08-20 and my Police National Computer (PNC) record deleted on 2007-08-30.

If you read the previous paragraph carefully, you may notice that the Misconduct Office requested the exceptional case to be dealt with by SCD12 before informing me of its decision, and SCD12 appears to have been prompt. So it was no longer possible for me to witness the destruction and removal actions. Hopefully there was no break in communications, and all those involved did their job properly without making any mistake. The information I received, unfortunately, leaves room for interpretation.

For instance, there was mention of "DNA sample" (singular) when two mouth swabs were taken - most likely a shortcut. Another example is that SCD12 asks "departments", but the labs that are contracted to analyse the DNA samples and keeping them are not part of the Police and hence not departments, most likely another shortcut.

So how would I know that my DNA profile really had been deleted? One way to verify this would be to plant some of my DNA at a crime scene and wait for a knock at the door. Obviously this is an experiment I will not undertake. I'd much prefer to have (verifiable) specific assurances rather than assumptions, but instead I'll have to trust the Police and the labs they use.

To avoid others having to go through this same situation, I shared these concerns with the SCD12 Senior Information Manager. The outcome: "An exceptional case process map will be available on the MPS Publication Scheme early 2008."

Having a documented process in place instead of the current ad-hoc mechanisms will go some way to increase confidence in the efficacy of what must be a complex procedure. Unsurprisingly, the Information Commissioner's Office has also been keen for a long time for the Police to implement such a step-out (deletion) procedure.

Publishing a process - which describes in detail the actions to be taken by the Police departments and their contractors - will help ensure other innocents get fair and open treatment in getting off the NDNAD. This, in turn, will help make exceptional cases the norm. ®

David Mery, a technologist based in London, was arrested in July 2005 for "suspicious behaviour": carrying a rucksack, and his home computers were confiscated. He was released without charge. Last year he succeeded in having his DNA profile purged. His website is gizmonaut.net.

3 Big data security analytics techniques

More from The Register

next story
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Whoever you vote for, Google gets in
Report uncovers giant octopus squid of lobbying influence
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.