The police have a problem. They are trapped between the dictates of the law and the demands of those they serve. The problem concerns the national intelligence database, and efforts to ensure that police forces can be alerted to information collected in any region, so that the kind of mistakes that allowed Ian Huntley to kill Holly Wells and Jessica Chapman will not be repeated after the system goes live in 2005.

There are many difficulties to be overcome, though, before such a system - to be called Impact - can actually work. Each regional police force operates essentially independently, and although there is some uniformity in their systems, there are also many differences, in terms of data formats, processing and requirements. Stitching a coherent whole from each of these diverse intelligence systems will not be easy. Ensuring the security and integrity of the databases will also be difficult; and it will be hard to keep the project within budget - as we have seen with very many public sector projects in the past.

But perhaps the biggest difficulty concerns the nature of the data to be processed: personal data that is not necessarily related to a particular investigation, and which is "owned" by the individual police forces. The 1998 Data Protection Act might prove a difficult hurdle to cross.

The eight principles of the Data Protection Act require that personal data is collected for a specific purpose, processed in an agreed manner, kept for the minimum period, available for checking and correcting by the data subject, and not shared other than with their permission. Section 49 of the act allows the police to collect and process personal data without such permissions in the pursuit of specified investigations - a power that is exercised, for example, in the collecting of specific personal data from telecoms companies and ISPs in the investigation of computer crimes.

But the data collected in this way is for a known and on-going investigation, and is held by a particular data controller - the police force doing the collection. Because the UK does not have a national police force, the individual forces sharing the intelligence information are in much the same position as a confederation of direct marketing companies seeking to amalgamate a collection of contact databases. The data is not owned collectively but individually.

For specific, on-going investigations the sharing of intelligence is not a problem - other than at the technical level of actually formatting the data. For criminal records there isn't a problem: the Criminal Records Bureau already has a way of achieving this sharing. And for major criminal investigations, the intelligence dissemination service at the National Criminal Intelligence Service already exists. But Impact is intended to share more operational intelligence: details of interviews with potential witnesses to a crime, of the location and travel plans of those witnesses, etc. Justifying the sharing of this information will be harder to achieve.

Of course, this problem can be solved if there is a national body responsible for the intelligence - though this will require more co-operation between the various fiefdoms of the police forces. And that is the true challenge of Impact.