Big news today about a company which was holding, processing and selling personal data which was obtained with questionable means and without applicant consent. Powerchex issued the following press release:
____________________________________________
“Show respect for personal data” warns pre-employment screening company Powerchex
The Information Commissioner’s Office is showing its teeth in a case that may spur far reaching regulation of companies that maintain and sell personal data.
As part of an investigation of the Guardian, The Information Commissioner’s Office closed down an investigating firm that was maintaining and selling data from an illegal database. Buyers of the information, which include some of the biggest construction firms in the UK, will also be prosecuted.
Yesterday David Smith, the deputy information commissioner, said: "This is a serious breach of the Data Protection Act. "Not only was personal information held on individuals without their knowledge or consent, but the very existence of the database was repeatedly denied [by the industry]. "The covert system enabled Mr Kerr to unlawfully trade personal information for many years, helping the construction industry to vet prospective employees. Kerr held information on thousands of construction workers and profited by checking names against his database."
“Companies have often shown a cavalier attitude on how they store, transmit and protect personal data” states Alexandra Kelly, Managing Director of pre-employment screening company Powerchex.
“Light sentences from the Information Commissioner, as well as a perceived impression that companies that break the code will not be prosecuted have resulted in a lax treatment of personal data including employee, customer and other such sensitive data.”
The Financial Services Authority, which regulates the UK financial services sector, recently issued a consultation paper to help firms ensure that they treat customer and employee data in a secure fashion.
Examples of good practice in terms of treating personal datas laid out in the report include:
· All customer/employee data to be disposed of securely using shredders or confidential waste bins
· Treating all data as confidential waste to eliminate confusion about which type of bin to use.
· Providing guidance for travelling or home-based staff on the secure disposal of customer data
· Conducting due diligence of data security standards at third-party suppliers before contracts are agreed
· Regular reviews of third party suppliers’ data security systems and controls
· Ensuring tht third-party suppliers’ vetting standards are adequate
· The use of secure internet links to transfer data to third parties
“Companies that handle personal data should make sure that third parties who process this data are also compliant with the Data Protection Act” says Kelly, “and of course, everyone must be registered with the Information Commissioner” she concludes.
________________________________________________________
The Guardian that broke the story after investigating reported:
More than 40 major British companies face legal action for allegedly buying secret personal data about thousands of workers they wanted to vet before employing them.
The information commissioner, Richard Thomas, will today publish a list of the companies he believes may have broken data protection laws, after an investigation by his office that was sparked by fears that many workers were being unfairly "blacklisted".
The commissioner alleges that the firms, including Balfour Beatty, Sir Robert McAlpine, Laing O'Rourke and Costain, have, for many years, covertly bought details of workers' trade union activities and their conduct at work.
Thomas believes that workers have been unfairly denied employment because they have had no chance of challenging any inaccurate information, some of which has been stored for decades.
Asked by the Guardian to respond to the claims, many companies refused to comment. Others denied using the data to "blacklist" troublesome workers covertly, or said they had stopped buying the data.
The commissioner has already taken action rapidly to close down a private investigator who is accused of clandestinely compiling an "extensive intelligence database" of 3,000 workers with details that stretch back to the 1980s.
The commissioner is to prosecute the private detective, Ian Kerr, who is accused of selling the information to companies in the construction industry when they wanted to vet potential staff. Thomas said he had seized documents which, he says, show that files on individuals included comments such as "communist party", "ex-shop steward, definite problems, no go", "do not touch", "orchestrated strike action" and "lazy and a trouble-stirrer".
David Smith, the deputy information commissioner, said: "This is a serious breach of the Data Protection Act. Not only was personal information held on individuals without their knowledge or consent, but the very existence of the database was repeatedly denied.
The covert system enabled Kerr to unlawfully trade personal information on workers for many years, helping the construction industry to vet prospective employees.
"Kerr held information on thousands of construction workers and profited by checking names against his database.
"Trading people's personal details in this way is unlawful and we are determined to stamp out this type of activity."
Construction workers have long complained that they have been stopped from getting work because companies were covertly turning away people they believed to be active trade unionists. Hard evidence has, until now, been hard to come by, and the construction industry has always denied it.
Steve Acheson, who believes he has been blacklisted, said he was "absolutely thrilled" by the findings of the commissioner's investigation.
The electrician, 55, from Denton in Manchester, said: "I've been angry for so long. It affects your character and demeanour - it's the fact it's so blatantly unjust. I was disgusted that one man could make a living from denying other men the right to work".
The Labour government has been criticised for passing a law banning the practice of so-called blacklists in 1999, but then, in a U-turn, deciding not to take the final step of implementing the law on the grounds that "there was no hard evidence that blacklisting was occurring". Technically, therefore, "blacklisting" is still legal.
Last night, the Department for Business, Enterprise and Regulatory Reform said it was prepared to review its position.
"The government is committed to monitoring any evidence that blacklisting is resurfacing in the UK," said a spokesman for the department. However, the information commissioner has powers to take action if he believes data protection laws have been broken.
His officials raided the offices of Kerr, the private investigator, in Droitwich, Worcestershire last week, seizing what the commissioner calls "an intelligence database" of 3,213 individuals.
Thomas said the "comprehensive card index system" held "sensitive" personal data, including details of trade union activity, employment conduct and personal relationships.
He added there was also information about whether the individual "may pose a threat to industrial relations between an employer and its employees". Some information was more than 30 years old, he said.
He has also seized invoices, which he says were issued by Kerr to companies for checking names on his database. He said they showed that the companies had paid Kerr an annual subscription and then a fixed fee for each name they wanted him to run through his database.
The Guardian understands that, in what appears to be a system for centralising records in the construction industry, companies sent information to Kerr so that it could be pooled with other firms.
Kerr agreed to close his business after the commissioner ordered him to stop selling the contents of the database on the grounds he had broken data protection laws.
Yesterday, Kerr said he was not operating a "blacklisting" service as he never made any judgments about the individuals and instead left it up to companies to decide whether to employ them.
Thomas launched his investigation last summer after an article in the Guardian about alleged blacklisting in the construction industry. The commissioner intends to order the construction companies to stop buying workers' personal data.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment