Employers who carry out ‘back-door’ criminal record checks on potential employees could face criminal charges after it is finally outlawed.
There is a well-established lawful process for checking criminal records, but some rogue employers have tried to bypass that by demanding prospective employees use their rights under the DPA to see information held about them.
This ‘enforced subject access’ bypasses the legal criminal record check process, overriding safeguards that only allow for checks and disclosure of information appropriate to the role being applied for.
The practice will be outlawed from the 10 March, when a provision in the DPA is finally implemented after a 17 year wait. This makes it a criminal offence to require an individual to make a subject access request to get information about their convictions and cautions and provide that information to a person.
While the offence will often be linked to a job application, the law applies to any enforced subject access request required before entering into a contract for goods, facilities or services. This means it could also affect landlords or insurance companies, for instance.
An individual providing the results of a subject access request, rather than using the formal criminal record check system, runs the risk of sharing more information than they need to. This is because a subject access request requires all personal information to be disclosed (subject to some exemptions), and so could include cautions and spent convictions, which may not be shared in a formal criminal record check if they would be irrelevant to the reason for the check.
Jonathan Bamford, ICO’s Head of Strategic Liaison, said: “Enforced subject access request is a practice that, at its worse, costs people jobs.
“We have a clear system in this country for employers to make criminal record checks, with checks and balances to ensure that an appropriate amount of detail is provided based on the job being applied for. Circumventing that process means a minor offence someone committed twenty years ago could stop them getting a job now. This undermines legal safeguards around rehabilitation.
“I’ve been involved in negotiations to see this practice outlawed for almost 20 years. It’s been a long road, but this law change is a sensible and proportionate step that stops people’s rights being abused and laws protecting them undermined.”
The ICO has published guidance setting out the offence, which is created under section 56 of the Data Protection Act:
Enforced subject access requests – section 56 (For organizations)
The Disclosure and Barring Service provides information for employers on making criminal record checks:
Criminal record checks: guidance for employers (external link)
SOURCE: Information Commissioner’s Office