ICO raids and shuts builder blacklist firm
No more snoop for you
Posted in Management, 6th March 2009 10:08 GMT
Free whitepaper – Hands on with Hyper-V 3.0 and virtual machine movement
The Information Commissioner's Office has made its first use of an Enforcement Notice with a seven day deadline to shut down a Droitwich firm which ran an illegal database of building staff.
The company, the Consulting Association, owned by Ian Kerr, ran the database for over 15 years. It contained entries on 3,213 building workers and was accessed by over 40 construction companies including many household names.
Entries included information on workers' personal relationships, union activities and previous employment. Some information was up to 30 years old.
Building companies would send Kerr a list of potential staff members and he would check it against his blacklist. Companies paid annual subscriptions of £3,000, plus £2.20 for each record checked.
David Smith, deputy Information Commissioner, said: “We will prosecute Mr Kerr and we are also considering what regulatory action to take against construction firms who have been using the system. I remind business leaders that they must take their obligations under the Data Protection Act seriously. Trading people’s personal details in this way is unlawful and we are determined to stamp out this type of activity.”
Not only was the information held without people's consent, but the existence of the database was repeatedly denied.
The investigation was begun after an article in the Guardian last June.
Companies using the service included several Amec firms, Balfour Beatty, Costain UK Ltd, Laing O'Rourke, Sir Robert McAlpine Ltd and Skanska. Ex-members included G Wimpey Ltd, John Mowlem Ltd, Lovell Construction(UK) Ltd and Taylor Woodrow Construction Ltd. ®
Free whitepaper – Hands on with Hyper-V 3.0 and virtual machine movement
COMMENTS
@Boris the Cockroach
"does that deserve me from being blacklisted"
Absolutely.
You are clearly (from their POV) not a team player. You seem to think you have some kind of professional responsibility to not deliberately break the law, and telling them that what they are planning to do is illegal. Doing it in writing (so they cannot deny they knew it was illegal) just winds them up further.
"can I call the database people and get my details corrected from 'snitching bastard' to 'enforces safety rules when there's a danger of death' ?"
No.
That's because its a *secret* blacklist. See my comment about my friend in the building trade.
I'm no lawyer but IIRC the general advice for these sort of situations is keep a diary of who said what and when, along with copies of emails & documents. And you should talk to an employment lawyer. If you do it under orders I think you'd both be liable.
But you'd have to *prove* you were ordered. And you'd still be liable if you knew this is illegal.
Mines the one with copies of Disclosure and Prey in the side pockets.
public safety too
There are public safety issues too. In some cases it appears workers have been branded troublemakers because they had concerns over asbestos disposal etc. If those people have been added to the list for being potential whistleblowers, who know what jerry-built crap we are living and working in?
So maybe the lead poisoning has got to you ignorant idiots who say 'what's the problem?'
Remeber the first rule of blacklist...
is no one talks about the black list
Mines the one with a copy of the Fight Club DVD in the pocket
Data be, or not to be ?
The law was altered a while ago, now information held in either electronic or paper format is covered.
Information held on the "database" included notes about individual workers which included descriptions such as "ex-shop steward, definite problems", "Irish ex-Army, bad egg", while others related to workers who had raised concerns over health and safety issues on sites, such as asbestos removal.
Maybe there was the occasional comment such as "refused to work in an atmosphere of asbestos dust .... obviously a lazy person"
Anyway, the people ON the "databease" neither knew about it, nor that they were on it. So they would not have been able to use their rights under the DPA to access the information.
Maybe they should also look at the engineering employers, who have been doing the same for donkeys years now...
@AC 16:00
"Notes about individual workers included descriptions such as "ex-shop steward, definite problems", "Irish ex-Army, bad egg", while others related to workers who had raised concerns over health and safety issues on sites, such as asbestos removal."
http://www.telegraph.co.uk/news/uknews/4948344/Call-for-action-over-rampant-blacklisting-of-workers.html
Yes, if I was an employer I wouldn't want someone snitching to the authorities that I'd put people's lives at risk incorrectly removing asbestos for example. But that doesn't make it right does it ?
IT infrastructure monitoring strategies
The new Office Garage series:
Top 10 SIEM implementer’s checklist
