Download a PDF of Chapter 7 – Governance and ethical oversight (18 pages)
Since this report was published, there have been a number of developments in this area of law. The information below applies to the time at which the report was published. For information about changes since 2007 please see:
The forensic use of bioinformation – 2010 update (PDF 31 KB)
Laws governing the collection and retention of forensic bioinformation have been gradually added to over the years, and as a result are confusing.
The regulation of forensic databases should be clearly enshrined in law. This should include oversight of research using the National DNA Database and other access requests.
Ethical oversight of the DNA Database
The potential uses and abuses of forensic databases are considerable and any possible harmful effects must be minimised. The Home Office has recently established an Ethics Group to advise the DNA Database Strategy Board on policy, which we welcome.
The Ethics Group should adopt an ethics and governance framework to clarify its role, relationships with other bodies, responsibilities, powers and how it will maintain its independence.
Removing DNA from forensic databases
If requested, Chief Constables can decide whether to remove the records and samples of an individual from a police database if there are ‘exceptional circumstances’. The ‘exceptional circumstances’ criteria are very restrictive, and the Chief Constables’ discretion is wide.
An independent body, along the lines of an administrative tribunal, should oversee requests from individuals to have their profiles removed from bioinformation databases. The police should have to justify the need for retention.
International exchange of forensic data
Countries in the European Union and beyond are expanding their bioinformation databases, and demands are increasingly being made for data to be shared among international law enforcement agencies. Between 2004 and 2006, around 400 searches were performed on the UK’s Database in response to requests from overseas.However, privacy laws vary from country to country.
There should be safeguards in place to protect sensitive information on the UK DNA Database being shared with other countries. There should be agreement about:
- the level of data protection in all authorities or agencies that receive information
- the criteria for sharing data, for example only for the investigation of serious crimes or in special circumstances
- sharing only as much information as is necessary to meet the request and only to those authorities or agencies that ‘need to know’