Policy paper

Revised governance rules for the Forensic Information Databases strategy board (accessible HTML)

Published 27 April 2022

1. Governance Rules of the Forensic Information Databases Strategy Board

a) With effect from the date of these Rules, THE FORENSIC INFORMATION DATABASES STRATEGY BOARD (referred to in this document as the “Strategy Board”) shall be governed in accordance with these Rules and any previous Rules shall cease to have effect.

b) Section 63AB of the Police & Criminal Evidence Act 1984 (PACE), as inserted by section 24 of the Protection of Freedoms Act 2012 requires the Home Secretary to make arrangements for a Strategy Board to oversee the operation of the National DNA Database, and to publish and lay before Parliament the Strategy Board’s Governance Rules. The FINDS Board fulfils this statutory function. The legal basis for the taking and retention of fingerprints by the police under PACE powers is in general the same as that for DNA profiles. It is considered that the role of the Strategy Board should be expanded to cover the national fingerprint oversight and these Governance Rules have been amended accordingly. It is intended to amend the legislation when an opportunity arises. The Strategy Board is an unincorporated association of its members and is accountable to the Home Secretary.

2. Application of the Governance Rules, Definitions and Interpretation

a) The Strategy Board shall be administered and managed in accordance with the provisions of these Governance Rules.

References in this document to:

• i) “NPCC” shall mean the National Police Chiefs’ Council and any successor body;
• ii) “APCC” shall mean the Association of Police and Crime Commissioners (company no. 5214716) and any successor body;
• iii) The Biometrics Commissioner shall mean the person appointed by the Home Secretary to keep under review the retention and use by the police of DNA samples, DNA profiles and fingerprints and also to encourage compliance with the surveillance camera code of practice.
• iv) The Scottish Biometrics Commissioner shall mean the person appointed to support and promote the adoption of lawful, effective and ethical practices in relation to biometric data in a policing and criminal justice context.
• v) The Forensic Science Regulator shall mean the person appointed by the Home Secretary who is responsible for the setting of and compliance with national quality standards for the provision of forensic science services to the Criminal Justice System in the United Kingdom, including, but not limited to, those relating to the National DNA and Fingerprint Databases.
• vi) “Forensic Information Databases Service (FINDS)” shall mean the unit responsible for the delivery and operation of the National DNA and Fingerprint Databases. FINDS’ responsibilities shall include ensuring the integrity of the forensic information databases, managing the standards, access to, and procedures for these databases and the notification to police forces of any matches between DNA profiles against agreed standards and procedures. FINDS is administered by the Home Office;
• vii) “NDNAD” shall mean The National DNA Database®. The ‘National Fingerprint Database’ shall mean IDENT1, a police intelligence database of fingerprints. These are police intelligence databases of DNA profiles and fingerprints impressions respectively obtained from individuals and crime scenes and held solely for the purposes set out in Part V of PACE, as amended;
• viii) “DNA profile” shall mean a numeric representation made from targeting the non-coding regions of DNA known as Short Tandem Repeats or STRs. The chemistry of these STRs will be approved by the NDNAD Strategy Board;
• ix) Fingerprints shall mean a record of the friction ridge skin of the fingers recorded electronically via Livescan or occasionally by ink and plate.
• x) “Home Secretary” shall mean the Secretary of State for the Home Department;
• xi) “Ethics Group” shall mean the Biometrics and Forensics Ethics Group, the Advisory Non-Departmental Public Body appointed to advise Ministers and the Strategy Board on ethical issues concerning the NDNAD, forensic science, biometric information and related matters;
• xii) “Clauses” are clauses of these Governance Rule. The headings to clauses shall not affect their interpretation.

3. Strategic Aim

The strategic aim of the Strategy Board, as set out in section 63AB of PACE, is to provide governance and oversight for the operation of the National DNA, and Fingerprint Databases. Police powers to take and retain fingerprints parallel their powers relating to DNA, so in practice similar issues arise in relation to both. This includes the issuing of guidance to chief officers of police on the destruction of DNA profiles; fingerprint records and custody images; the Board may also issue guidance on the making of applications to the Biometrics Commissioner under section 63G of PACE.

The Strategy Board’s oversight includes the application of the powers conferred under Part V of PACE for the taking, use, retention and destruction of:

• DNA samples and the information derived from them (the DNA profile)
• Fingerprints, including the role of DNA and fingerprint evidence and its contribution to:
  • National security
  • Counter terrorism
  • The prevention and detection of crime
  • The investigation of an offence
  • The conduct of a prosecution
  • The identification of a deceased person or body part.

The strategic direction for the DNA and fingerprint databases is shaped and determined by wider policing strategies and Government policy. The Strategy Board will ensure this direction is aligned with these strategies.

4. Objectives

The objectives of the Strategy Board shall be to implement strategy and policy to ensure:

a) The most effective and efficient use of the DNA and fingerprint databases to support the purposes laid down in the legislation (and no other);

b) That the public are aware of the governance, capability and limitations of the NDNAD and fingerprint databases so that confidence is maintained in its use across all communities.

c) That the future use of the NDNAD and fingerprint databases takes account of developments in science and technology and delivers improvements in efficiency and effectiveness across the Criminal Justice System.

d) The most proportionate, ethical and transparent use of the NDNAD, and fingerprint databases across the Criminal Justice Service.

e) The most ethical and effective use of international searching of UK DNA profiles and fingerprints, whilst being aware of differing legislative jurisdictions.

5. Composition

a) Core membership (quorum) of the Strategy Board (“Members”) shall be the nominated representatives of:

• i) NPCC as a representative of the police service as the primary user of the NDNAD and fingerprint databases.
• ii) The Home Secretary; represented as agreed between the interested groups within the Home Office. The Data and Identity Directorate of the Home Office represents the Home Secretary’s policy interest.
• iii) The Association of Police and Crime Commissioners;

These three organisations provide the principal accountability and responsibility of the Board to the police service, Ministers and the public respectively.

b) Other additionally appointed Members as determined by the core membership. These Members have an advisory function and represent organisations or functions critical to the achievement of the objectives at Clause 4. They currently comprise

• i) The Chair of the Biometrics and Forensics Ethics Group (who has separate accountability to Ministers). The Board may commission work from the Ethics Group if it considers this appropriate.
• ii) The Information Commissioner (or representative). The Information Commissioner will help to ensure that the Board gives due weight to the demands of the Data Protection Act and other privacy legislation to ensure that the NDNAD retains the confidence of all communities. Attendance is in the capacity of an observer.
• iii) The Forensic Science Regulator (or representative).The Regulator ensures that the provision of forensic science services across the criminal justice system is subject to an appropriate regime of scientific quality standards.
• iv) The Biometrics Commissioner(or representative).
• v) Scottish Biometrics Commissioner.
• vi) A representative from the Police DNA Operational Users;
• vii) A representative from the Police Fingerprints Operational Users;
• viii) Representatives from the police service and the devolved administrations of Scotland and Northern Ireland, where they participate on the basis of:
  • Making available all DNA profiles and fingerprints collected and retained within their respective jurisdictions to the respective forensic information databases, subject to powers to take and retain this material being devolved.
  • Meeting the scientific and ethical standards that are agreed and endorsed by the Strategy Board for DNA profiling for the NDNAD and
  • Accepting that changes or developments in the DNA profiling methods or DNA databasing technology of the NDNAD will be agreed by the Strategy Board.
  • Co-ordinating the use of DNA and fingerprints in Scotland and Northern Ireland and in England and Wales, taking account of the fact that powers to take and retain this material are devolved.

c) Such other persons that shall be appointed from time to time in accordance with Clause 7 (Appointment of Additional Members).

d) The core membership of the Home Secretary, NPCC, and the APCC and the other Members shall agree and undertake with each other that, in consideration for their being appointed Members and being permitted to take part in the proceedings of the Strategy Board, they shall comply with the Governance Rules as may be amended from time to time.

6. Representation at Meetings

6.1 Appointment and Removal

a) Any Member may:

• i) authorise such person or persons as it thinks fit to act as its representative or representatives at any meeting of the Strategy Board;
• ii) remove any of such representatives who are so authorised by the relevant Member and appoint another representative in its place; and
• iii) appoint and remove any such representatives to and from any committee of the Strategy Board.

b) Subject to Clause 12.6 (Decision Making), a person so authorised is entitled to exercise the same powers on behalf of the body which he represents as that body could exercise if it were an individual Member.

6.2 Notice of Appointment

a) Any appointment or removal of a representative appointed in accordance with Clause 6.1 above shall be effected by notice in writing to the Strategy Board given by the relevant party, which shall take effect on delivery to the Secretary or Chair of the Strategy Board at their usual location or at any meeting of the Strategy Board.

b) Where the relevant notice is delivered to the Secretary, including by electronic means, the Secretary shall distribute such notice to the Members as soon as reasonably practicable.

7. Additional members and invitees

7.1 Invitations to Attend Meetings

a) The Strategy Board may subject to a resolution approved by the core Members as set out in Clause 5a above (such approval to be given either at a meeting or in writing in accordance with Clause 12.9) approve additional members from time to time as it shall think fit to attend meetings of the Strategy Board on such terms as it shall deem appropriate.

b) No additional members or persons invited to attend such meetings shall be entitled to vote at any meeting of the Strategy Board.

7.2 Resignation

Any additional Member appointed pursuant to Clause 7.1 may resign by giving notice in writing to the Secretary or Chair of the Strategy Board at their usual location or at any meeting of the Strategy Board.

8. Responsibilities of the Strategy Board

8.1 Specific Responsibilities

Subject to any financial restraints, the Strategy Board shall be responsible for:

a) Developing policy and procedures and implementing the strategy for the direction of:

• i) the NDNAD;
• ii) the Police Elimination Database and any other national elimination DNA databases in the future e.g. Centralised Elimination Database);
• iii) any separate DNA-related database(s) created for the purposes of the identification of a deceased person or body part (such as the Vulnerable Persons Database and the Missing Persons Database).
• iv) national fingerprint databases used by the police for fingerprints taken under PACE powers and from volunteers

b) The oversight of the scientific operation of the Counter Terrorism DNA and fingerprint databases, held by the Metropolitan Police Service as the lead force for CT operations.

c) Developing, maintaining and updating the statement of requirements (the “Statement of Requirements”) provided by NPCC in relation to the functionality and services to be delivered by the Forensic Information Databases Service as amended and updated from time to time. Evaluating and reporting (when required) on the Forensic Information Databases Service’s performance of the matters set out in the Statement of Requirements and the Strategy Board Policy for The Forensic Information Databases Strategy Board Policy for Access and Use of DNA Samples, DNA Profiles, Fingerprint Images and Associated Data.

d) Oversight of DNA and fingerprint exchanges with EU Member States in accordance with Title II of Part 3 of the Trade and Cooperation Agreement (Exchanges of DNA, fingerprints and vehicle registration data).

e) Oversight of DNA and fingerprint exchanges with non-EU Member States.

f) Considering applications for the release of data from the databases for use in research, including the consideration of requests from Forensic Service Providers testing new products or processes relating to DNA Profiles on the NDNAD. Such data shall be released only after taking advice from the Biometrics and Forensics Ethics Group and if (as a minimum requirement) the proposed use of the data:

• i) is within the law, taking into account in particular the requirements of PACE, as amended, and the Data Protection Act 2018;
• ii) conforms to ethical guidelines for the use of genetic information and any other applicable guidelines in force; and
• iii) is not likely to prejudice the integrity or reputation of the databases nor infringe the human rights of individuals or specific groups,

If the proposed use is approved, the Strategy Board will authorise the Forensic Information Databases Service to manage the release of data and its recall on its behalf on completion of the research.

g) The NPCC nominee of the Strategy Board will act as Joint Controller with the relevant Chief Officers of Police^{[footnote 1]} for all data held within the NDNAD, national fingerprint database, the Police Elimination database and any separate DNA-related database(s) created for the purposes of identification of a deceased person or body part (the Missing Persons and Vulnerable Persons databases). The data owner remains with the Force that completed the DNA sampling. The Chair will confirm the boundaries for the various data processors within the end to end DNA processes: from collection, labelling, transmission, analysis, searching, reporting and any other process deemed necessary. This will include an oversight of the contracts, Service Level Agreements and data and security exchange protocols.

h) Defining (and keeping under review):

• i) the level of security required and the arrangements for storage and access to the samples provided by law enforcement agencies for the creation of inputs for loading onto the forensic information databases; and
• ii) the level of physical and technical IT security required for the data held on the National DNA and fingerprint databases and by suppliers, taking account of the assurance provided by FINDS and the Home Office Chief Information Officer.

i) Ensuring that access arrangements to information on the National DNA and fingerprint databases are controlled by FINDS and approved by the FINDS Strategy Board. This approval should ensure the protection required for individuals under the law including the Data Protection Act 2018, the Freedom of Information Act 2000 and the Human Rights Act 1998.

j) It is the responsibility of FINDS to provide the Board with a report of the operation of the National DNA and fingerprint databases and any other relevant issues at each meeting. The provision of the report is critical to the Strategy Board discharging its responsibilities in having oversight of the databases, it is also equally important as a vehicle to raise issues and support future development.

k) The production of an Annual Report, in accordance with section 63AB(7) of PACE, as inserted by section 24 of the Protection of Freedoms Act 2012.

l) The production of guidance in relation to the Early Deletion policy in accordance with section 63AB(2) of PACE.

m) It is the responsibility of the Home Office representative to provide the Board with live Equality and Privacy policies for the National DNA and fingerprint databases. The equality and privacy policies may include recommendations in areas of potential impact on equality and privacy that the Board will seek to implement. The Home Office will be responsible for monitoring and updating these policies. The Board will be responsible for monitoring the National DNA and fingerprint databases and providing data as required in the equality and privacy policies.

n) Where DNA and fingerprint databases are maintained under devolved responsibilities or legislative provision for justice and policing, such as exist in Scotland and in Northern Ireland, the operational policies, procedures and management of those databases will be a devolved responsibility.

o) It is the responsibility of the Chair of the Strategy Board to assess requests from the police to carry out a familial search of the NDNAD, and where they consider the circumstances justify such a search, to approve the request in writing.

The Home Office Chief Information Officer shall be accountable for the integrity i.e. security, storage and access, of information held on the databases.

8.2 Additional Powers

The Strategy Board shall have such other powers and duties as are generally, specifically, expressly or implicitly vested in the Strategy Board under statute (including section 63AB of PACE, as inserted by section 24 of the Protection of Freedoms Act 2012) and these Governance Rules.

9. Chair

9.1 Appointment and Removal

a) The Chair will be appointed by NPCC.

b) The Core Members shall have the right to remove the Chair from time to time and to appoint another Chair in their place.

c) The Chair will arrange the Secretariat role for the Board.

9.2 Notice

a) Any appointment or removal of the Chair shall be effected by notice in writing to the Strategy Board, which shall take effect on delivery to the Secretary of the Strategy Board at their usual location or at any meeting of the Strategy Board.

b) Where the relevant notice is delivered to the Secretary, the Secretary shall distribute such notice to the Members.

10. Audit

Each Member agrees to provide to the House of Commons Public Accounts Committee (or any other committee of a House of Parliament or the Houses of Parliament themselves), the Controller and Auditor General, the Biometrics Commissioner and any other governmental organisation charged with the supervision of FINDS all reasonable assistance as may be necessary in order to enable such bodies to carry out fully and promptly any inspection, audit, check and/or monitoring of the National DNA and fingerprint databases, including, but not limited to:

a) Providing written responses and explanations to any questions or issues raised by such persons; and

b) Providing access to any personnel engaged at any time in connection with the National DNA and fingerprint databases and using all reasonable endeavours to procure that such personnel co-operate in such matters.

11. Delegation

11.1 Delegation of Functions

a) Subject to Clause 11.2, the Strategy Board may refer any aspect of its functions for discharge by any committee including one or more of its Members.

b) The composition of any committee of the Strategy Board shall be those committee members appointed by resolution of the Strategy Board to serve on such committee, pursuant to Clause 6.1.

11.2 Conditions of Delegation

Any such delegation may be made subject to any conditions the Strategy Board may impose and, subject to any such conditions or any provision to the contrary in these Governance Rules, the proceedings of a committee consisting of two or more members shall be governed by the provisions of Clause 12 of these Governance Rules so far as they are capable of applying and subject to a quorum of two, unless the Strategy Board specifies any alternative arrangements.

11.3 Reserved Powers and Delegated Powers

The Strategy Board will hear and act upon risks and take decisions in respect of key strategic aspects of the National DNA and fingerprint databases. Where the issue has a high risk rating it will usually be a matter reserved for the Board. The Board as a whole will, in certain circumstances, delegate detailed work on some issues to committees or working groups. These committees will report to the Board and will bring recommendations to the Board, save for some situations where the committee will have delegated powers to make decisions and inform the Board of the decisions made. Where a committee or a working group has delegated powers, it will be made clear in Terms of Reference for that committee or working group. The Board reserves the right to periodically alter issues which are reserved and delegated but decisions in this regard will be set out within the minutes.

12. Proceedings of the Strategy Board

12.1 General

Subject to the following provisions of this Clause, the Strategy Board shall determine the form and manner of its proceedings.

12.2 Meetings

The Chair shall convene meetings of the Strategy Board at least four times in each year, either at the Chair’s own volition or on being requested to do so by one of the other core Members as set out in Clause 5a above.

12.3 Notice

a) At least 14 days’ notice must be given of a meeting of the Strategy Board (or a committee of the Strategy Board); if due to urgent business a meeting must be convened at less than 14 days’ notice, any decisions taken shall only have effect with the written agreement of all core Members set out in Clause 5a above. The Chair shall ensure that a full agenda for a meeting of the Strategy Board, together with all information a Member would reasonably require to make an informed decision about the matters to be discussed at such meeting, are sent to the Members at least 5 working days prior to the meeting.

b) Any Member may waive the requirements of Clause 12.3(a) in relation to any notice being given to him and if so waived, such Member will be deemed to have duly received notice.

12.4 Chair

a) If the Chair is present, he or she shall be the Chair of meetings of the Strategy Board (or a committee of the Strategy Board, unless otherwise provided for in these Governance Rules).

b) If the Chair is not present, a temporary Chair shall be nominated by those Members present at the Strategy Board Meeting.

12.5 Quorum

The core attendance for a meeting of the Strategy Board must include representatives of the Home Secretary, NPCC and the APCC. Where this is not met, the Board will not take strategic decisions (e.g. decisions of principle or ethics), though the Board meeting will be permitted to proceed and take operational decisions.

12.6 Decision Making

a) While Board core Members represent various different stakeholder organisations and may speak at Board meetings to represent the views of that organisation, for Board decision-making the Board’s core Members are responsible collectively for all decisions made and therefore each Board core Member has equal responsibility for the collective decision making on all issues.

b) Unless expressly stated elsewhere in these Governance Rules, all issues arising at a meeting of the Strategy Board shall be decided by unanimity of the Core Members present at that meeting.

c) In the event that the core Members are unable to reach such a decision, a vote will be held. Each core member will have one vote each. The result of the vote shall be recorded in the minutes.

12.7 Conflicts of Interest

a) A Member (or any representative of that Member appointed in accordance with Clause 6) who has any personal or business interest or duty which conflicts or may conflict with the interests of the National DNA, and fingerprint databases in relation to any matter which is to be discussed at a meeting of the Strategy Board (or any committee thereof) shall disclose full details of such interest or duty to the meeting and such disclosure shall be noted in the minutes of the meeting.

b) A Member (or as the case may be) their representative shall not vote at a meeting of the Strategy Board (or any committee of a Strategy Board) upon any a matter in which he has, directly or indirectly, a personal interest and may (at the discretion of the Chair of the meeting) be asked to absent himself from that part of the meeting where such matter is discussed.

c) A Member shall nevertheless be counted in the quorum present at a meeting of the Strategy Board (or any committee of the Strategy Board) in relation to a resolution on which he is not entitled to vote by virtue of Clause 12.7.b).

d) The provisions of Clause 12.7 may be suspended or relaxed to any extent, either generally or in respect of any particular matter, by a unanimous decision of the Members.

12.8 Meetings by Video and Telephone Conferencing

Any Member may participate in a meeting of the Strategy Board (or a committee of the Strategy Board) by means of a conference telephone, video conferencing facility or similar communications equipment, which allows all persons participating in the meeting to hear each other. The security of such facilities should be appropriate to the material being discussed. A person so participating shall be deemed to be present in person at such meeting and shall be entitled to vote and be counted in the quorum. Such meeting shall be deemed to take place where the largest group of those participating is assembled, or, if there is no such group, where the Chair of the meeting is located.

12.9 Written Resolutions

a) A resolution of the Strategy Board (or a committee of the Strategy Board) in writing, signed by all the Core Members (or by such committee members as deemed appropriate by the Strategy Board), shall be as valid and effectual as if such resolution had been passed at a meeting of the Strategy Board (or a committee of the Strategy Board).

b) A written resolution for the purposes of Clause 12.9.a) may consist of an electronic document signed by email by each of the Core Members (or by committee members as appropriate).

c) Any Strategy Board or Committee member not required to sign a resolution must be consulted on its contents.

12.10 Minutes of Meetings

a) The Strategy Board shall keep minutes of all proceedings at meetings of the Strategy Board and of any committee of the Strategy Board which shall include:

• i) the names of the Members present at the meeting;
• ii) the decisions made at the meeting and, the views or statement of any persons present at such meeting; and
• iii) where appropriate, the reasons for the decisions.

b) Any such minute, if purporting to be signed by the Chair of the meeting at which the proceedings were held, or by the Chair of the next succeeding meeting, is evidence of the proceedings.

c) Minutes of each Strategy Board meeting will be published on the Home Office website following their ratification by Board Members.

13. Amendment of Governance Rules

a) These Governance Rules may be added to, repealed or amended by the agreement in writing of the Home Secretary.

b) All such changes shall be notified to the Members in writing in accordance with Clause 12.3 (Notice) not less than 14 days prior to the changes taking effect.

1. As defined in section 101(1) of the Police Act 1996. ↩