Feeds

Retailers risk libel nightmare over 'no-work' database

A nation of suspicious shopkeepers

The essential guide to IT transformation

Shop staff who have been sacked or resigned while under suspicion of dodgy behaviour could soon struggle to find work, as some of the UK's top retailers are set to share information online about their employment history.

But today a leading libel lawyer warned that the scheme to disseminate unproven allegations could prompt a flood of defamation claims against businesses.

The National Staff Dismissal Register (NSDR) is set to go live later this month. It's being launched by Action Against Business Crime (AABC), a joint "crime reduction partnership" set up by the British Retail Consortium and the Home Office. AABC claims dishonest staff cost shops an average of £497m annually.

Major retail employers including Selfridges, Harrods, Reed Managed Services and HMV have signed up to populate the register with data. Personal information, including photographs, will be held for three years, or five years in "special circumstances".

AABC believes the threat against future job prospects will discourage dishonesty, and save money on internal investigations.

The NSDR's definitions of dishonesty are broad. To be included in the database, a worker need only to have left a job while under mere suspicion of:

  • Theft or attempted theft of money, merchandise or property from the company, its suppliers, staff or customers
  • Falsification or forgery of documents
  • Fraudulent acts resulting in the obtaining or intention of obtaining money, assets, services or information which would otherwise be denied
  • Causing a loss to the company or another party (e.g. Supplier)
  • Causing damage to company property.

Operation of the NSDR has been outsourced to Hicom Business Solutions, a Surrey IT consultancy. It will offer a website where human resources departments can check on past allegations against job applicants. AABC emphasises that SSL encryption will be used as a security measure.

Despite the Home Office's partnership in AABC, a spokeswoman denied any involvement by the department and refused to comment on the database. "It's nothing to do with us," she said.

A spokeswoman for the Information Commissioner's Office said companies will not be allowed to use an entry on the register as the sole reason to deny a job applicant employment. The Data Protection Act insists that people are told when they are added to the database, told when their entry is accessed, and gives them rights to correct any inaccuracies. Hicom has worked closely with data protection officials to ensure compliance, she said.

The regulations mean that only allegations made after the NSDR goes live can be included.

Libel lawyer Razi Mireskandari, a partner at London firm Simons Muirhead and Burton*, warned that employers who record their suspicions on the database could easily face claims for defamation. Even if the allegation is not accessed by other firms, a case could be made, he said.

Mireskandari cautioned: "Frankly, if I have CCTV showing someone stealing from the cash register, then I'm confident I can sack that person, but I wouldn't want to share that information. It's a real risk."

He argued that the ICO assurances mean nothing in respect to the likelihood of libel actions: "Data protection is totally separate from defamation."

He said one likely strategy for aggreived workers' lawyers would be to attack Hicom's ISP with a defamation claim, to have the NSDR taken offline.

Unions and civil liberties groups have expressed outrage at the scheme. It's seen as a commercial version of a Criminal Records Bureau check, except the records will be made without the involvement of law enforcement or the courts.

TUC general secretary Brendan Barber said in a statement: "While criminal activity in the workplace can never be condoned, the TUC is concerned that this register could lead to people being excluded from the job market by an employer who falsely accuses them of misconduct or sacks them because they bear them a grudge. An individual may not be aware they have been listed and have no right of appeal.

"The Criminal Records Bureau was set up to assist employers to make safe appointments when recruiting staff to work with vulnerable groups and already provides appropriately targeted and effectively regulated protection for employers."

AABC chief executive Mike Schuck emphasised that the database would not be used on all applicants. "This is not just about running people through a database," he said. "It' will be at the final stage of the recruitment process and it cannot be the decisive data. As an employer you're going to use it selectively." ®

*Disclosure: Mireskandari is retained by The Register.

The essential guide to IT transformation

More from The Register

next story
GCHQ protesters stick it to British spooks ... by drinking urine
Activists told NOT to snap pics of staff at the concrete doughnut
Britain's housing crisis: What are we going to do about it?
Rent control: Better than bombs at destroying housing
Top beak: UK privacy law may be reconsidered because of social media
Rise of Twitter etc creates 'enormous challenges'
What do you mean, I have to POST a PHYSICAL CHEQUE to get my gun licence?
Stop bitching about firearms fees - we need computerisation
Redmond resists order to hand over overseas email
Court wanted peek as related to US investigation
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
We need less U.S. in our WWW – Euro digital chief Steelie Neelie
EC moves to shift status quo at Internet Governance Forum
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.