The UK's privacy watchdog revealed that it does have some teeth afterall when it raided the company responsible for running an illegal database on "problem" construction industry workers.
The Information Commissioner's Office (ICO) seized the database, which contained details of employment history and trade union activities of construction workers, from the Consulting Association in Droitwich, West Midlands last week.
"This is proof the ICO is far from being a toothless tiger among regulators," says Paula Barrett, partner at international law firm Eversheds.
Consulting Association owner Ian Kerr ran the database for 15 years. He charged construction firms a £3,000 annual subscription fee, supplying personal details about construction workers to employers which wanted to vet staff before hiring them.
He faces prosecution for breaching the Data Protection Act, which requires data controllers to register and be open about how they process personal information.
David Smith, deputy information commissioner, says the ICO is considering taking action against these firms for using the database.
This case, one of the first major interventions by the ICO against a private firm, should serve as a cautionary tale against vetting employees in this way, says Barrett.
|Stick to the rules when vetting potential employees|
|Vetting should only be used to address specific justifiable risks in an open way with the consent of those involved.|
|Organisations should select information providers with care. As users of the information they too could be charged under the Data Protection Act.|
|Ask questions about how agencies collect their data. If in doubt, donot use it.|
|Make sure you have a contract that gives assurances that the information collected complies with the Data Protection Act.|
Information Commissioner's Office