Feeds

How to delete your DNA profile

A cut-out-and-keep reference guide

The essential guide to IT transformation

It's a little known fact that it's possible to have your DNA profile removed from the National DNA Database (NDNAD). While the Police have processes to gather and retain DNA samples - they don't yet have a procedure to delete the DNA of innocent members of the public.

It's complicated - but for now, this is what you should do.

Over four million profiles have been added to NDNAD since 1995. Last year, 115 profiles were deleted and 667,737 added. In the last five years, 634 DNA profiles have been removed from the database, while 2,649,937 profiles were added. In other words, the number of DNA profiles removed is around 0.02 per cent of the number of profiles added in the period - where we have the information.

According to a document called the Step model - Retention guidelines, it is considered "exceptional" for an innocent citizen to have one's DNA sample destroyed, and the associated DNA profile removed.

Currently, the destruction of DNA samples and removal of DNA records are "completed by way of an approved form being sent [by a Senior Information Manager from the Metropolitan Police Service Specialist Crime Directorate 12 (MPS SCD 12)] to designated staff in each of the departments concerned who are aware of the exceptional case procedure, once deletion / destruction has taken place we are informed and subsequently we notify the applicant, there is no process map in existence for this practice."

My own fingerprints and DNA were added to the database on 2005-07-28 when I was arrested on the London Tube.

Then ensued a complaint to the Independent Police Complaints Commission (IPCC), an investigation, an appeal to the outcome and a final decision by the IPCC. The final decision, dated 2007-05-03, "requested that the Metropolitan Police Service reconsider your request for your records and samples to be physically destroyed and electronically deleted, and for the summary information in the Police National Computer to be expunged."

The Misconduct Office informed me, on 21 August last year, that they had agreed to this request. Department SCD12 confirmed that my fingerprints were destroyed and the entry on the fingerprint database was deleted on 2007-07-24, my DNA samples destroyed and the entry on the DNA database deleted on 2007-08-20 and my Police National Computer (PNC) record deleted on 2007-08-30.

If you read the previous paragraph carefully, you may notice that the Misconduct Office requested the exceptional case to be dealt with by SCD12 before informing me of its decision, and SCD12 appears to have been prompt. So it was no longer possible for me to witness the destruction and removal actions. Hopefully there was no break in communications, and all those involved did their job properly without making any mistake. The information I received, unfortunately, leaves room for interpretation.

For instance, there was mention of "DNA sample" (singular) when two mouth swabs were taken - most likely a shortcut. Another example is that SCD12 asks "departments", but the labs that are contracted to analyse the DNA samples and keeping them are not part of the Police and hence not departments, most likely another shortcut.

So how would I know that my DNA profile really had been deleted? One way to verify this would be to plant some of my DNA at a crime scene and wait for a knock at the door. Obviously this is an experiment I will not undertake. I'd much prefer to have (verifiable) specific assurances rather than assumptions, but instead I'll have to trust the Police and the labs they use.

To avoid others having to go through this same situation, I shared these concerns with the SCD12 Senior Information Manager. The outcome: "An exceptional case process map will be available on the MPS Publication Scheme early 2008."

Having a documented process in place instead of the current ad-hoc mechanisms will go some way to increase confidence in the efficacy of what must be a complex procedure. Unsurprisingly, the Information Commissioner's Office has also been keen for a long time for the Police to implement such a step-out (deletion) procedure.

Publishing a process - which describes in detail the actions to be taken by the Police departments and their contractors - will help ensure other innocents get fair and open treatment in getting off the NDNAD. This, in turn, will help make exceptional cases the norm. ®

David Mery, a technologist based in London, was arrested in July 2005 for "suspicious behaviour": carrying a rucksack, and his home computers were confiscated. He was released without charge. Last year he succeeded in having his DNA profile purged. His website is gizmonaut.net.

The essential guide to IT transformation

More from The Register

next story
GCHQ protesters stick it to British spooks ... by drinking urine
Activists told NOT to snap pics of staff at the concrete doughnut
Britain's housing crisis: What are we going to do about it?
Rent control: Better than bombs at destroying housing
What do you mean, I have to POST a PHYSICAL CHEQUE to get my gun licence?
Stop bitching about firearms fees - we need computerisation
Top beak: UK privacy law may be reconsidered because of social media
Rise of Twitter etc creates 'enormous challenges'
Redmond resists order to hand over overseas email
Court wanted peek as related to US investigation
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
We need less U.S. in our WWW – Euro digital chief Steelie Neelie
EC moves to shift status quo at Internet Governance Forum
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.