Uncovered: a database containing details on 3,213 construction workers which was used by over 40 construction companies to vet individuals for employment. The information, held by the Consulting Association, includes construction workers’ personal relationships, trade union activity, and employment history.
An investigation by the Information Commissioner’s Office (ICO) has uncovered a database containing details on 3,213 construction workers which was used by over 40 construction companies, to vet individuals for employment. The information includes sensitive personal information such as construction workers’ personal relationships, trade union activity, as well as people’s employment history.
The information was seized by the ICO during a raid in Droitwich, West Midlands on February 23. Ian Kerr, the owner of a firm known as the Consulting Association, appears to have run the database for over 15 years, according to the ICO. The ICO has uncovered evidence at Kerr’s premises that named construction firms subscribed to Kerr’s system for a £3,000 annual fee. Companies could add information to the system and pay £2.20 for details held on individuals.
Invoices to construction firms for up to £7,500 were seized during the raid. The ICO has served an Enforcement Notice ordering Mr Kerr to stop using the system. Mr Kerr is to cease trading, and he now faces prosecution by the ICO for breaching the Data Protection Act.
Deputy Information Commissioner, David Smith, said: “This is a serious breach of the Data Protection Act. Not only was personal information held on individuals without their knowledge or consent but the very existence of the database was repeatedly denied. The covert system enabled Mr Kerr to unlawfully trade personal information on workers for many years helping the construction industry to vet prospective employees. The Data Protection Act clearly states that organisations must be open about how they process personal information, and in most cases those processing personal information must register with the ICO – Mr Kerr did not comply with the law on either count.
“On raiding Mr Kerr’s business premises we discovered an extensive operation involving household names in the construction industry. Kerr held information on thousands of construction workers and profited by checking names against his database.
“We will prosecute Mr Kerr and we are also considering what regulatory action to take against construction firms who have been using the system. I remind business leaders that they must take their obligations under the Data Protection Act seriously. Trading people’s personal details in this way is unlawful and we are determined to stamp out this type of activity.”
From 16 March the ICO will operate a dedicated enquiry system for people who believe personal information about them may be held on the database. Members of the public are advised not to contact the ICO until 16 March. The ICO’s action follows an article, entitled Enemy at the Gates, published by The Guardian newspaper on 28 June 2008. According to the ICO, this is the first case where the ICO has used issued an Enforcement Notice with a seven day compliance condition. Ian Kerr breached the Data Protection Act, the ICO says, by unfairly and unlawfully processing personal information. He failed to notify the ICO as a data controller.
http://www.ico.gov.uk/
News that up to 40 construction firms are being investigated for allegedly buying confidential data on job applicants highlights the pitfalls employers should avoid, say the Chartered Institute of Personnel and Development (CIPD).
The construction firms, which include some of the biggest names in the industry, are being probed by the Information Commissioner for allegedly buying access to a ‘blacklist’ of people identified as troublemakers, unreliable workers or union activists.
The consulting company that kept the ‘blacklist’, which contained the names of 3,000 workers, is facing prosecution.
“This case illustrates why it is so important that employers understand their responsibilities and potential liabilities under data protection law,” said Ben Willmott, CIPD senior public policy adviser. “The CIPD welcomes the action taken by the Information Commissioner against the offending organisation as this will not only help raise awareness among those in breach of the law, but also encourage them to improve their approach. Employers that ignore their legal obligations risk reputational damage and potential prosecution in the courts.”
The processing of sensitive personal information, including details of union membership, is almost always illegal unless the individual has given their consent, Willmott added.
Unite’s joint general secretary, Derek Simpson, said that the revelations exposed the “rot” in the construction business and called for a wider investigation into the industry. “The use of blacklists shows just how determined employers are to aggressively exclude workers who they unjustifiably deem unfit to work in the industry,” said Simpson. “So far this year we have seen waves of unofficial action because of employer practices aimed at excluding UK-based labour from even applying for work on certain construction sites. Now we have undeniable evidence that employers are using covert information to blacklist workers for legitimate trade union activities.”
