The wiping of records from the UK Police National Computer database - as revealed last week - was “likely” due to best practice not being followed linked to three key roles, says BCS, The Chartered Institute for IT.

The “coding error” that is said to have caused the loss of 150,000 records on the police database - including fingerprints, DNA and arrest history - had been blamed on human error.

Policing minister Kit Malthouse, said: “Unfortunately, down to human error, some defective code was introduced as part of routine maintenance earlier in the week, and that’s resulted in a deletion of some records that is currently under investigation.”

BCS said it was likely that a developer, test analyst and release manager would have all been part of the process leading up to the failure.

The incident highlights that IT practitioners should be accountable to independent professional standards, BCS said.

Adam Leon Smith, chair of the Software Testing Group at BCS, said: “Modern complex systems are resilient - failures rarely occur because of a single decision or error.

“In order to delete data from a live environment through a coding error, a failure needs to occur not just in the coding, but in the test design, or one of its supporting processes - such as making sure the right version of the software is in the testing environment.”

Smith said: “Even non-critical systems are typically backed up daily, so either a failure has occurred in the backup process, or something about the backout plan for the software change wasn't tested properly and has failed.”

He said developers, test analysts and release managers should work to best practices and professional standards, and suggested they hadn't been met in this case.

Ezat Dayeh, systems engineer manager at cloud data management vendor Cohesity, said: “It is hard to believe that there is no protection, no backup and no policies that would prevent this kind of data being lost.

“If they have only just discovered the deletion, then they should be able to recover this data within hours. If not, and if their backup doesn’t stretch back far enough, then questions need to be asked.”

Share Story: