Data Protection Policy Construction
The anticipated compensation scheme, by which construction companies may voluntarily pay back millions of pounds to blacklisted workers, serves as a timely reminder to ensure they are compliant with their current and future data protection responsibilities.
The blacklist begins…
Workers involved on some of the biggest construction projects in recent history, such as the Olympic Park, the Jubilee line extension and the Millennium Dome, discovered in October that they may be entitled to compensation if they were named on an industry-wide blacklist dating back to the 1980s.
The Consulting Association kept sensitive personal data of over 3, 200 individuals, often including information extending to their National Insurance details, car registration number, their personal relationships and trade union activity. 43 of the biggest construction companies in Britain, including Sir Robert McAlpine, Carillion and Balfour Beatty, subscribed to this blacklist which informed them of potential 'troublemakers' in the industry, 'militant ringleaders' and unsubstantiated allegations of benefit fraud.
This secret documentation led to listed workers being denied any future employment, for reasons beyond their knowledge. Only after an Information Commissioner's Office (ICO) raid in 2008 did the full picture emerge and legal action commence.
The ICO reaction
Ian and Mary Kerr, who ran the Consulting Association, were fined £5, 000 for breach of the Data Protection Act 1998 (DPA): in failing to notify as a data controller. The ICO also served 14 enforcement notices against some of the construction companies involved to stop them using the information on the list.
Had the unlawful processing of personal data taken place after changes in the law in April 2010, monetary penalties of up to £500, 000 would have been imposed as well. However, as no evidence of such processing was found after this date, the ICO did not have the power under the DPA to issue stronger penalties.
What can construction firms do now to avoid such penalties?
Firms must now ensure that if they obtain personal information about job applicants from third parties, they must be completely open with those applicants about the process. As the ICO has explicitly stated, it is a breach of the DPA to use personal data covertly to vet workers for employment.
With increased awareness from the blacklisting press coverage, former employees and contractors will want to know what information construction companies hold about them and whether it is inaccurate or not. Construction companies should prepare themselves for handling an increased number of subject access requests.
What knock-on effects will the proposed EU Data Protection Regulation have?
The Regulation will overhaul the current patchwork of often outdated national laws by having one single piece of legislation. It is still to be negotiated with national governments in the council and we expect that a final draft of the Regulation will be approved by May 2014.
You might also like
24 successful flights with same O-ring designby iamlucky13
It was mainly a management failure. The O-rings were built according to the design, so it was not a construction failure. Obviously, the engineers failed to provide enough protection, but they had tested the boosters in most conditions.
Yes, the O-rings had insufficient safety margin. That had been discussed and generally ignored several times. Damage had been seen to the seals in previous launches. They should have improved the design (they were working on it actually, but no one was willing to identify it as a serious problem), but even so, it was holding together.
But it was the launch in cold temperatures that reduced the durability of the O-rings that doomed Challenger
Scores of blunders sees Norfolk councils breach data laws over confidential .. — Norfolk Eastern Daily Press
Information Commissioner Christopher Graham has previously called for councils to take their responsibilities for protecting personal data more seriously. He said in 2012: “There is clearly an underlying problem with data protection in local government.”.