ICO closes down illegal blacklist database

A 30-year covert operation to build a database in Droitwich blacklisting union activists in the construction industry has come to its end, following investigations by the Information Commissioner's Office.

One morning in February 2009, two investigators from the Information Commissioner's Office (ICO) knocked on the door of The Consulting Association, set discreetly off an alley in Droitwich, West Midlands.

A 30-year covert operation to build a database blacklisting union activists in the construction industry was about to come to an end.

The raid was the culmination of one of the ICO's most ambitious investigations. The data watchdog took unprecedented legal steps during its eight-month probe. It named more than 40 of the country's biggest construction companies as having potentially broken data laws. And the investigation led to questions in parliament and a promise by the government to outlaw blacklisting.

From 1919 onwards, the Economic League was the most prominent organisation involved in the blacklisting of so-called subversives. It was paid by companies, and worked closely with Special Branch, to compile databases of individuals. It was wound up in the early 1990s after pressure from the media and parliament exposed its flawed operations.

Many of its operatives went to ground and the files went with them. Ian Kerr, the 66-year-old who ran The Consulting Association, was one of them. Kerr had worked for the organisation spying on trade unions, according to a former director general of the Economic League. "He was a key guy. He was one of our most effective research people. His information was genuine and reliable," he said in a newspaper interview.

Construction blacklist comes to light

For years, rumours circulated in unions that the construction industry in particular still used blacklists. But how they operated was a mystery. Last summer, The Guardian talked to construction workers who said they had been blacklisted.

Blacklisted construction workers outside Macclesfield Magistrates
Court (from left to right: Tony Jones, Howard Nolan,
Steve Acheson, Graham Bowker, Sean Keaveney)

One was Steve Acheson, a 55-year-old electrician from Manchester who had barely worked in a decade. He had won an employment tribunal for wrongful dismissal. The tribunal, unusually, had accepted evidence that Acheson had been blacklisted.

The article landed on the desk of David Clancy, investigator for the Information Commissioner. On the door to the office he shares with his three fellow investigators, all with police, military or Customs and Excise background, there is a sign saying "Abandon hope all ye who enter here".

Clancy's first job was to establish if there was a case worth looking into. So he talked to Steve Acheson.

"The day he turned up, I had just received a letter turning me down for work," said Acheson. "I told him he could not have come at a better time. "I didn't think he would find much. I told him this, but he said, 'Once I get my teeth into something I don't let go.'"

Clancy tracked down Alan Wainwright, a former construction company manager, who gave key evidence in Acheson's tribunal. Wainwright had a huge amount of information to share. It was clear that there was a prima facie case that required investigating.

The ICO investigators believed that construction firm Haden Young had information they required. The ICO took the unprecedented step of making an unannounced raid on the firm's premises. This power, under Section 9 of the Data Protection Act, had not been used before in a case of this kind. The raid ultimately led the ICO to The Consulting Association and Kerr.

On the blacklist 

Alan Wainright, who worked as a manager in the construction industry, gave crucial evidence in an industrial tribunal brought by 55-year-old electrician, Steve Acheson, which exposed the illegal practice of blacklisting in the construction industry.

Wainright worked for construction firms Crown House, Drake and Scull, and Haden Young. He came across Ian Kerr, who ran The Consulting Association, in 1997, and found each firm made use of Kerr's services.

He was told that Kerr was a private investigator employed to carry out checks on staff to identify undesirable employees. And Kerr told him that many construction companies supplied him with information.

Laing O'Rourke, which now owns Crown House, Emcor, which owns Drake and Scull, and Balfour Beatty, owner of Haden Young, say they do not condone blacklists.

Wainwright left Haden Young in 2006. He launched and lost an employment tribunal and became convinced that he too had been blacklisted. But no one seemed interested in his story, until now.

Evidence of illegal data trading

Construction firms paid a £3,000 annual fee to The Consulting Association and a further £2.20 for a single name search. More than 40 of the biggest names in the industry had, at one time or another, subscribed.

Yet for all the money flowing in, the investigators were confronted with a shabby two-room office. The furniture dated from the 1970s and 1980s, with an electric typewriter on one of the desks and a sophisticated photocopying machine.

Almost immediately, one of the investigators found a ring-binder in a rather tatty plastic cover. Inside it were names, addresses and national insurance numbers.

Then they found a card index. It very much resembled the way a police local intelligence filing system might work.

Card index database seized from Kerr’s office

It was organised alphabetically and each card related to a name in the folder. The cards contained newspaper clippings, employment history and personal comments. There were files on 3,213 construction workers. The companies named in the files were only identified by code numbers, details which Kerr later gave to the ICO. Also recovered were invoices from some of the firms which subscribed to The Consulting Association.

Clancy describes seizing the database as being "like Christmas".

"This had been going on for years," he says. "Steve Acheson and others had never been able to get to the bottom of it, but suddenly we had an answer. It was a nice feeling."

Kerr admits to crime

Kerr subsequently pleaded guilty before magistrates in Macclesfield to breaking data protection laws and is due before a crown court for sentencing. He faces an unlimited fine or imprisonment. Magistrates also ordered a full disclosure on the organisation and membership of The Consulting Association.

The ICO is now considering issuing information notices to some 20 construction companies to warn them to handle data correctly. More than 120 people have recovered their blacklist files via the ICO and unions are planning group legal actions against those responsible.

A page from Graham Bowker's file

There is a feeling of satisfaction at the ICO about how this particular investigation has panned out. It is easy to forget that it could have ground to a halt at several key stages. It may not even have started if the ICO employee had not seen the newspaper article. The hearing before the judge over the raid set a legal precedent but could have failed. The Haden Young raid could have blown the operation. A simple phone call could have alerted Kerr to the ICO's interest. As it turned out, if there was a call, Kerr did not stop.

Even on the day his premises were raided, the investigators only got in because the owner of adjoining property let them in through a communal door. "The stars must have been all aligned," says Clancy.

New powers to aid future investigations

Proposals under the Coroners and Justice Bill could give the ICO new powers that will make investigations like this more commonplace.

For instance, it would enable the ICO to do spot checks on government departments to make sure their data handling processes are correct. The ICO argues that the same right should also be extended to the private sector.

Information notices could also be served on third parties during investigation. This would oblige it to provide information or face a contempt of court charge.

Clancy says such powers would have helped his investigation.

He admits that these are "quite serious powers", but says the effect that Kerr's blacklist had on more than 3,000 people over the past few decades shows the equally powerful impact data can have in the wrong hands

Ian Kerr: guilty 

Ian Kerr pleaded guilty last month to running a covert database containing personal information used to blacklist more than 3,000 construction workers.

Magistrates in Macclesfield sent Kerr for sentencing at crown court because they believe the maximum £5,000 fine they could impose was not sufficient. The crown court can impose an unlimited fine.

They ordered full details on Kerr's firm, The Consulting Association, be disclosed so the court could properly sentence him.

Kerr's offices were raided by officials from the Information Commissioner's Office (ICO) in February following a nine-month investigation.

Kerr was charged with offences under the Data Protection Act of not registering as a data user and not handling data correctly. Kerr's solicitor, James Strong, told the magistrate that Kerr was only an employee of The Consulting Association, drawing a £47,000 annual salary, but he was unable to give any further information about the group.

Mick Gorrill, assistant information commissioner, said that Kerr's offences "went to the heart" of the Data Protection Act because people were unaware of the information held on them and could not check it.

The information commissioner is now looking at issuing enforcement notices against some of the construction firms which subscribed to Kerr's services.

A dozen construction workers who had been blacklisted were at the court to hear the verdict.

Steve Acheson, a blacklisted Manchester electrician, said, "People have got a right to be a trade union member and it is not right you should be blacklisted just for that. I am pleased at what has happened."

Read more on IT legislation and regulation