Employers who carry out ‘back-door’ criminal record checks on potential employees could face criminal charges after it is finally outlawed, the data protection watchdog the ICO (Information Commissioner’s Office) reports.
The ICO points to a well-established lawful process for checking criminal records, but some employers have tried to bypass that by demanding prospective employees use their rights under the Data Protection Act (DPA) to see information held about them. This ‘enforced subject access’ bypasses the legal criminal record check process, overriding safeguards that only allow for checks and disclosure of information appropriate to the role being applied for.
The practice will be outlawed from March 10, when a provision in the DPA is finally implemented after a 17 year wait. This makes it a criminal offence to require an individual to make a subject access request to get information about their convictions and cautions and provide that information to a person. While the offence will often be linked to a job application, the law applies to any enforced subject access request required before entering into a contract for goods, facilities or services. This means it could also affect landlords or insurance companies, for instance.
An individual providing the results of a subject access request, rather than using the formal criminal record check system, runs the risk of sharing more information than they need to. This is because a subject access request requires all personal information to be disclosed (subject to some exemptions), and so could include cautions and spent convictions, which may not be shared in a formal criminal record check if they would be irrelevant to the reason for the check.
Jonathan Bamford, ICO’s Head of Strategic Liaison, said: “Enforced subject access request is a practice that, at its worse, costs people jobs. We have a clear system in this country for employers to make criminal record checks, with checks and balances to ensure that an appropriate amount of detail is provided based on the job being applied for. Circumventing that process means a minor offence someone committed twenty years ago could stop them getting a job now. This undermines legal safeguards around rehabilitation. I’ve been involved in negotiations to see this practice outlawed for almost 20 years. It’s been a long road, but this law change is a sensible and proportionate step that stops people’s rights being abused and laws protecting them undermined.”
The ICO offers an enforced subject access guidance on the criminal offence created under section 56 of the DPA.
