CRB's IT failure forces employers to misuse Data Protection Act

The UK's data protection watchdog has asked the government to introduce new laws to prevent employers ordering job applicants to...

The UK's data protection watchdog has asked the government to introduce new laws to prevent employers ordering job applicants to use the Data Protection Act to obtain copies of their police files, following a series of IT-related delays at the Criminal Records Bureau.

Information commissioner Richard Thomas has told the Lord Chancellor's Department that it should take steps to outlaw the practice now, rather than wait "indefinitely" for the CRB to begin offering a basic criminal checking service to employers.

The ability of the CRB's IT systems to deal with the demand from employers was called into question by an independent review earlier this year which called for new electronic systems to be introduced to clear the massive backlog of applications for high-level checks against teachers and childcare workers.

The government, which is renegotiating its £400m contract with Capita to provide and manage the IT systems for the bureau, has been forced to postpone the most simple basic background checks until new systems capable of dealing with the demand are introduced.

Meanwhile, requests to the police for copies of personal files under the Data Protection Act are putting police resources under strain, the data watchdog said last week. Many requests are made by people seeking overseas travel visas, who need to prove they have clean criminal records.

"The police receive thousands and thousands of what they believe are enforced subject access requests. A lot of police time and resources are devoted to these subject access requests," said assistant information commissioner David Smith.

The Office of the Information Commissioner is concerned that until the CRB service is up and running, enforced access by employers could put job applicants at a disadvantage by disclosing spent convictions that should have elapsed under the Rehabilitation of Offenders Act.

In a letter to the Lord Chancellor's Department, disclosed last week, Thomas warned that enforced subject access "undermines the important public policy objective of enabling those with a criminal record to put their pasts behind them".

Although the government introduced measures to outlaw the practice in the Data Protection Act 1998, they will only come into force when alternative criminal record checks are available throughout the UK.

But the failure to provide a service in Northern Ireland, and the indefinite postponing of basic record checks for England and Wales, means that these conditions might never be met unless further legislation is introduced, said Thomas.

Read more on IT legislation and regulation