The Police Information and Records Management (PIRM) Code of Practice

  • May, 07, 2026

The Police Information and Records Management (PIRM) Code of Practice is a statutory guidance document in the UK issued under section 39 of the Police Act 1997. The July 2023 edition updates previous versions to reflect changes in policing practice, data management, and digital record-keeping. It provides standards for police forces in the management, retention, sharing, and disposal of information and records.

The code is intended for:

  • Police officers and staff
  • Partner agencies that handle police information
  • Forces’ information management units

It ensures compliance with legislation, including:

  • Data Protection Act 2018
  • GDPR
  • Freedom of Information Act 2000
  • Management of police records for investigations, intelligence, and administrative purposes

Key Principles

  1. Accuracy and Integrity
    • Information must be accurate, complete, and up-to-date.
    • Corrections and updates must be made promptly.
  2. Lawful and Ethical Use
    • Information must only be used for legitimate policing purposes.
    • Misuse or unauthorised disclosure is prohibited.
  3. Data Retention
    • Records should be kept only as long as necessary for their purpose.
    • Retention schedules vary depending on the type of record (crime reports, intelligence, personnel records).
  4. Security and Confidentiality
    • Records must be protected against unauthorised access, loss, or damage.
    • Digital systems must be secure and auditable.
  5. Access and Sharing
    • Access should follow a ‘need-to-know’ principle.
    • Sharing with partner agencies must comply with legal frameworks and memoranda of understanding.
  6. Recordkeeping Standards
    • Information must be recorded consistently, clearly, and in a retrievable format.
    • Forces should maintain audit trails and metadata for digital records.
  7. Disposal
    • Records that have reached the end of their retention period must be disposed of securely.
    • Some records may be archived for historical or legal purposes.

Recent Updates (July 2023)

  • Emphasis on digital record management and the use of modern IT systems.
  • Clearer guidance on intelligence handling and crime reporting standards.
  • Alignment with the UK GDPR principles and human rights requirements.
  • Enhanced guidance on data sharing with external partners and cross-border information exchange.
  • Inclusion of audit and compliance expectations to ensure transparency and accountability.

Why It Matters

  • Ensures public trust by safeguarding sensitive data.
  • Reduces legal risk from mismanagement of information.
  • Standardises practices across forces for consistency and interoperability.
Section / TopicKey RequirementsRetention / DisposalAccess / Sharing Notes
1. Introduction & PurposeSets out standards for the management of police information and records. Establishes responsibilities for officers, staff, and partner agencies.N/AN/A
2. Principles of Recordkeeping– Accuracy, completeness, and timeliness
– Ethical and lawful use
– Accountability and auditability		Records retained only as necessary for operational, legal, or historical purposesAccess limited to authorised personnel; audit trails required
3. Recording Crime & Intelligence– Use standardised formats
– Include all relevant details
– Update promptly when circumstances change		Crime reports: minimum statutory retention (varies by offence type)
Intelligence: reviewed regularly, retained as needed		Shared with other forces/partners only under legal or MoU frameworks
4. Data Accuracy & Quality– Regular reviews for accuracy
– Correct errors promptly
– Avoid duplication		Duplicate or obsolete records must be resolved or removedPersonnel responsible for accuracy at the point of entry; supervisory checks recommended
5. Data Protection & Confidentiality– Compliance with UK GDPR & Data Protection Act 2018
– Protect sensitive and personal data		N/ANeed-to-know access only; encryption and secure systems required
6. Record Retention & Disposal– Apply retention schedules consistently
– Legal and operational needs determine duration		– Some records are archived indefinitely for legal/historical reasons
– Secure deletion/shredding after expiry		Disposal must prevent unauthorised recovery
7. Digital Recordkeeping– Maintain metadata and audit trails
– Ensure system integrity
– Use approved IT systems		Digital records follow the same retention/disposal rules as physical records.Access controlled by roles; logging of user actions mandatory
8. Sharing & Disclosure– Only share for legitimate policing purposes
– Follow MoUs and legal requirements		Shared copies may be subject to separate retention rulesRecord all disclosures; limit sharing to the minimum necessary
9. Audit, Compliance & Governance– Regular audits of record management practices
– Ensure adherence to Code		N/ACompliance reports to senior officers; corrective action for breaches
10. Training & Responsibility– Staff and officers must be trained
– Clear accountability for records management		N/ASupervisors ensure adherence; continuous professional development is encouraged.

Notes on Retention Periods

The Code specifies general guidance, but exact retention depends on:

  • Type of record: Crime reports, intelligence, custody records, personnel files.
  • Legal obligations: Some records must be kept for statutory periods (e.g., serious crimes, child protection).
  • Operational need: Intelligence may be deleted after review cycles if no longer relevant.