ICO considers action against users of illegal construction worker database

The UK's privacy watchdog revealed that it does have some teeth after all when it raided the company responsible for running an illegal database on...

The UK's privacy watchdog revealed that it does have some teeth afterall when it raided the company responsible for running an illegal database on "problem" construction industry workers.

The Information Commissioner's Office (ICO) seized the database, which contained details of employment history and trade union activities of construction workers, from the Consulting Association in Droitwich, West Midlands last week.

"This is proof the ICO is far from being a toothless tiger among regulators," says Paula Barrett, partner at international law firm Eversheds.

Consulting Association owner Ian Kerr ran the database for 15 years. He charged construction firms a £3,000 annual subscription fee, supplying personal details about construction workers to employers which wanted to vet staff before hiring them.

He faces prosecution for breaching the Data Protection Act, which requires data controllers to register and be open about how they process personal information.

Prominent construction firms Balfour Beatty, Sir Robert McAlpine, Taylor Woodrow and Laing O'Rourke are listed among Kerr's past and present subscribers.

David Smith, deputy information commissioner, says the ICO is considering taking action against these firms for using the database.

This case, one of the first major interventions by the ICO against a private firm, should serve as a cautionary tale against vetting employees in this way, says Barrett.

Stick to the rules when vetting potential employees 
Vetting should only be used to address specific justifiable risks in an open way with the consent of those involved.
Organisations should select information providers with care. As users of the information they too could be charged under the Data Protection Act.
Ask questions about how agencies collect their data. If in doubt, donot use it.
Make sure you have a contract that gives assurances that the information collected complies with the Data Protection Act.

Useful links:

Information Commissioner's Office

Data Protection Act

Read more on IT legislation and regulation

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.