ICO raids and shuts builder blacklist firm
The Information Commissioner's Office has made its first use of an Enforcement Notice with a seven day deadline to shut down a Droitwich firm which ran an illegal database of building staff. The company, the Consulting Association, owned by Ian Kerr, ran the database for over 15 years. It contained entries on 3,213 building …
NuLab announces plans to make public an "Assured Building Industry Database" where prospective employers can assure themselves of the reliability of potential employees. This will automatically cross-reference into the DNA Database, HMRC Database, and Sex Offenders' Register so that employers can be certain that they are employing reputable bricklayers who pay their taxes on time and have no history of jacking off into the mortar, as well as turning up when they're meant to.
"This is an important step forwards for Britain as a society, " said Home Secretary Jaqui Smith. "It sends a strong signal that the UK Government is determined to stamp out illegal information trading, but are equally determined to ensure the protection of our building industry."
Registration to have access to the database, which will be mandatory, will cost £5,000, and each search will cost £4. Any building company found to be employing individuals without using the database will be arrested under anti-terrorism laws for potentially employing those who may have a less-than-favourable view of Gordon Brown.
isn't HMG intent on setting up an identical national UK database, containing the same information?
Perhaps they were afraid of the competition.
Another way for the big government contractors to assure their Nu Labor paymasters of keeping militant unionists away from their backhander giving projects, and ensuring non UK labour forces were used. Should any company using this list be expelled from the Olympic Building Projects now? seems fair to me that they should. Also maybe investigate how many people were denied jobs due to the list so they can bring unfair employment denial legal procedure to bear on the companies, a quick look at the database of the company should yield this info.
I hate unions since a vote at Ford in the late 70's, more hands were up for non strike action than for it, yet they declared a strike as a unanimous vote and I lost my job as an apprentice soon after , but i hate unfair employment practices more
Seriously. Recently they've been doing lots of good work.
Not enough, and they are too small and understaffed to be a major force, they seem to have some people there with common sense and a belief that their job is to protect the public.
Won't last, someone in the gov will stamp that out.
As would be expected, none of the firms which used this database will be prosecuted: from the BBC
"But what we're looking to do there is issue enforcement proceedings against those that were involved and that'll put them essentially on notice that if they get involved in this illegal trade again, then they will face prosecution."
No surprises there then.
'Trading people’s personal details in this way is unlawful and we are determined to stamp out this type of activity.'
Indeed. The government favours a more 'open source' approach to our personal details rather than this sort of closed propriatary system. Of course it would mean that Sir Robert McAlpine would have to take the 3:15 to Paddington if he wanted to find out information on his prosective employees.
I wonder if they had "insufficient arse-cleavage" as a reason for inclusion?
whilst applauding this move..
"the existence of the database was repeatedly denied"
Breaking news : Criminals deny criminal behaviour that would send them to prison shock!
what is the world coming to?
I've often wondered who is running the IT blacklist these days - anyone know? wikileaks would like to hear from you :)
they should have "anonymised" the data by changing the spaces between the names to hashes, then to commas then to dashes!
that way they could have built up a profile and kept it for as long as they like!
The state is against one (small) database that only targets the inept/incompetent; but pro a massive database that will impinge on all our lives?
Can anyone else see the logical disconnect?
All the companies that subscribed (and possibly contributed) to this blacklist must pay the equivilant of 15 years' subscriptions to every person listed listed.
Ok, each company will have to fork out £145M and each victim will end up with £1.8M in the bank, but that's small change compared with boardroom pay and will send a strong message that this government takes data protection seriously. Oh, wait a minute...
So is the problem what they were doing, or the fact they didn't pay the ICO tax to do it? (aka registering under the DPA)
If it is the former, how is this different to a company that keeps a record of people's FINANCES and then banks, etc. ask them whether to lend to people on their list?
If it is the latter, can I report my recently previous employer and get them the same treatment?
1> Buy shares in one of the firms that used this illegal database.
2> At their next AGM, ask the chairman to produce an estimate of the firm's total financial liability to the people who were refused jobs due to information from that database.
3> Watch them squirm to try to get out of it.
Then why doesn't it start protecting the rights of citizens and get on Phorm's case?
So what's new about this? The oil companies have been running their NRB (not required back) scheme offshore, and onshore, for years. Anyone who dares speak out about the safety issues being flouted or the tax take being avoided sothat the rich shareholders can be made even fatter is summarily NRB'd. Up until only a few years ago the cartel of companies was so comfortable they even handed their deliberations on cutting rates to the local rag in Aberdeen the Press and Journal, that is large companies colluding together and stating in black and white in a complete flouting of the cartel laws that EVERY independant company that worked with them would be cut by some arbitrary percentage amount. Now pardon me for being picky but could Tesco say to their suppliers we are going to cut your rates by 10% and not be accused of predatory behaviour? Only this week Sir Ian Wood passed a 10% cut, and more to come, statement out to the Press and Journal. Maybe another "Sir" who is heading for a nasty fall at the rate he is going. A real "SIr" realises you have to put something back in the bad times that you made in the good, ........ has Sir Ian never heard of the pharoh's dream of seven fat cows being eaten up by seven thin ones and yet growing no fatter or seven fat heads of wheat being eaten up by seven thin heads of wheat and yet growing no fatter? Has he not heard? Has he not understood from the beginning what is expected of him and similarly have these bulding company executives not heard and understood? These other companies I can understand but Sir Ian is supposed to run a "family business", .... where is the "family" headed with a father like him?
Easy.
Prosecute the person who ran this company, if found guilty, maximum sentence possible.
Fine client companies very large amounts, prosecute their officers who used illegally obtained information, if found guilty then pass maximum sentences possible.
But of course, soon enough we'll all have marks against us, probably posting on El Reg will be enough to be rejected for any job!
Personally I refuse to work on any black list project, and highlight that it is not clever to be doing this. They will do it for all suppliers, often it is held internally and shared across the sector, by HR departments.
What I have noticed is the companies that do this, tend to be very bad payers, and what they do is add a supplier to the list if they object to not being paid. It really needs to be rooted out and those involved prosecuted to the maximum extent of the law, it is just bad for the economy, and amounts to defamation.
There are going to be huge class actions over this, many are going to start to claim they couldn't get work because of it, so many are out of work, and people will leap on this one.
They found this one. How many others are there?
Companies like McAlpine and AMEC know this sort of activity is illegal and yet they signed up. What does that say about them? They should feel a very heavy hand of law too.
I mean it's tough to have a name that easily vandalised by turning the 'I' to a 'W'
That's the lunacy that causes you to lose your jobs to us - eastern Europeans:D Blacklisting lazy workers not allowed? And some of you actually believe that these people who were refused the jobs are entitled to compensation??? It beggars belief, it really does.
Right behind you mate! Wait, what's that up there?
*oink* *oink* *flap* *flap*
Remember a similar organisation being uncovered in the '80's.
Whilst deploring the database itself , I have to express a little surprise that companies were paying £3000 a year and £2.20 a time to check a datasbase that only had 3000 people on it.
Talk about money for old rope. I wish I'd thought of it.
Mines the one with a couple of phonebook's in the pockets.
Why won't the companies using the service be prosecuted? The data must have been provided by somebody, the database owner didn't just find it lying around on a train. So presumably the data came from employers, it would be reasonable to assume that the companies using the database were populating the database.
The ICO needs to investigate this ASAP. If they don't then they are just as toothless as ever. Wow, they're bringing their first prosecution against a very small firm when the very large firms involved are just getting a warning. Nothing at all to do with the government's love in with the contstruction industry over the last ten years or so then?
So let me get this straight... Building companies used the database to decide whether to spend money employing someone who may just be a lazy git.... seems like a good idea to me - wish we had such a db in my industry!
I'm reliably informed there is also a blacklist much bigger than this where retail and shop floor staff are blacklisted if there is a hint of suspicion of theft. Whilst you can’t dispute the motives, the reality is that the employee is often not charged so the blacklisting can occur on unsubstantiated allegations alone. Even worse there isn’t “due process” as far as I can see, so it could be possible for people to end up being unemployable because of a vindictive manager after e.g. an employee speaks out and the management don’t like it.
While I dont totally agree with what went on if I was an employer I would not want to hire a trouble maker or union activist. There is a fine line between being actively involved in a union and using your employment to push political ideals.
If I was to employ somebody I would want them to actually work and be a part of the company rather than trying to turn the employees against the management and disrupt work. Too many good companies have been brought down over the years due to trouble makers.
Yeah, I think they also claimed that the DPA didn't apply as their records were on paper and not in a database.
There have been a couple.
There was an organisation back in the 70's - real right wing old boys club. They kept the data on index cards; it supoosedly contained information on a surprising number of people from a very wide range of indiustries.
People were labelled in different ways - political leanings, sexual orientation. In some cases that they had attended certain types of protests or even that they had dared to write to their local newspaper. Almost like the Stazi in fact.
The list contained people from all walks of life, including teachers, police, MPs, ex servicemen, jounalists, lawyers, writers, as well as the expected trade unionists.
I've said it before and I'll say it again - it ain't Big Brother we have to worry about, but lots of Little Brothers.
I bet this wasn't the only copy HE had of that one either. 10:1 in 6 months time one of his 'relatives' will be offering a similar service to the same companies, and possibly fiddled so they can't prosecute this time.
It's a sad fact of our times that if this sort of service will make people money, they'll do it - whether it's legal or not. Only problem is that the government are making their own and they're passing laws quietly to make theirs legal.
IANAL - however I have worked in IT compliance for some time, someone above asked what the problem is, legally there will be several:
a) it won't be registered
b) the data won't have been legitimately collected
c) they won't be able to demostrate the accuracy of the data (which is what would give rise to potential law suites)
work your way through the principals and they will all have been broken - but the key ones from the ICO perspective will be points (b) and (c)
In terms of the companies that subscribed they might have a defence to claim that they thought the database was legit and all they had was a subscription (aka the fincial services firms using dodgy private eyes a few years back to social enginer - i think the report was called what price privacy). The difficulty with that is the union membership and details of partners which are legally defined as sensitive information, if you have any meaningful DPA knowledge it woudl be quite hard to claim that you thought you could purchase that level of detail (of course the record check might just say yes/no in which case the construction company might well be legally insulated).
It will be interesting to see what happens however as one of the big findings of the previous report was that even when convicted of DPA offences the actual sentances were largely trivial (e.g. typically a couple of hundred quid fine). Enforcement of this isnt purely down to the ICO its also down to the Judge that eventually has to sentance.
Yes and no.
Blacklisting via a 3rd party "agency" is not allowed in Eastern Europe any more than here.
Now giving a lazy worker a proper reference that he is lazy, sloppy and is not worth hiring is a different matter. Eastern Europe has absolutely no qualms about that.
Unfortunately not the case in the UK.
English law is an ass. It takes one idiotic precedent and the country is indeed to the dogs. Over the last 10 years a number of employees have managed to prosecute their ex-companies successfully for providing negative references and the official guidance in 99%+ of the companies is not to give a reference if it is going to be bad.
As a result even people who have been summarily dismissed for anything short of a criminal offence can just walk out of a job into another one.
Now this _IS_ country going to the dogs. There has to be a certain level of protection here.
Specifically, an ex-employee should not be able to sue an ex-employer for a negative reference before winning a discrimination, unlawful dismissal or other suitable legal challenge in any case where said employee has been dismissed.
Unfortunately, that is something missing from British law (time to go write a few more positive references for lazy w***ers I guess)
...not putting the data on a web site hosted somewhere else?
"Blacklisting lazy workers not allowed? "
You know this for sure do you? Are you blind or just too stupid to understand that they can add people to this list who 'aren't lazy' but could be 'trouble' (as in reporting tax dodges etc.)
Where's the accountability - where's the opportunity to defend your reputation - where do you find out there is a list, let alone if you're on it?
Comments like that just make you look daft.
"How is this different to a company that keeps a record of people's FINANCES and then banks, etc. ask them whether to lend to people on their list?"
Legal credit rating agencies allow people to access the information held about them and ask for mistakes to be corrected. This illegal blacklist had no such mechanism and it's existence was deliberately kept hidden from the people on it.
Sounds like the 21st century version of the 20th century "Economic League", enthusiastically supported by MI5.
"Trading people’s personal details in this way is unlawful and we are determined to stamp out this type of activity. Unless you work for BT or Phorm"
There. Fixed it for you.
"The state is against one (small) database that only targets the inept/incompetent; but pro a massive database that will impinge on all our lives? Can anyone else see the logical disconnect?"
No, we can't. Today's story is about a breach of the current law, whereas you are thinking about proposals for the future.
There is a distinction in the UK between the latest hair-brained scheme of an idiot politician and the law of the land. The present wunch of bankers would dearly love to abolish that distinction, but despite their majority in a supposedly sovereign parliament, they haven't managed yet. (It appears they are too fucking clueless to realise that you have to change the law first and *then* break the old one. Of course courts are so terribly picky about that sort of thing, resulting in repeated instances of politicians bleating about the courts getting above themselves.)
1. The only reason the ICO were able to take enforcement action is because the company running the database was not registered with the ICO as controlling personal data. That is the only criminal offense which took place here - if they had registered themselves with ICO at a cost of £35 a year then they would have avoided this prosecution.
2. David Smith, deputy Information Commissioner himself stated last Saturday on a panel at the Convention on Modern Liberty that ICO have NO enforcement powers under DPA when it comes to registered institutions/corporations.
3. David Smith, deputy Information Commissioner himself stated last Saturday on a panel at the Convention on Modern Liberty that the ICO registration fee was a TAX on businesses and contributes to the ICO's annual budget.
So there you have it, for a fee of £35 per year any company or organisation can basically do whatever the hell they like with personal data. They might get told off by the ICO if they break the DPA but they certainly won't be prosecuted.
With reference to points 2 and 3 above watch the video yourself to see him saying those things, it is available here:
http://www.openrightsgroup.org/2009/03/04/good-practice-in-behavioural-advertising/
It is the second video (the Q&A panel) which contains the relevant statements - readers might also be interested in the deputy information commissioner's statement that ICO don't need to take action against Phorm because the public are doing such a good job of it. Oh and also that people in the UK don't have a right to privacy, only a right that others respect their privacy....the guy is a complete idiot in my book.
Unless this firm just made up the comments about individuals, they had to come from somewhere, and to me this is the elephant in the canoe smelling of coffee.
Who has been grassing up these people? The very firms that then dip into the database to check up on prospective new employees? Managers from these firms, either from an altruistic desire to ensure their industry isn't infested with ne'er-do-wells, or because they get a backhander for being informants? Co-workers, for the price of a pint?
Who cares? Let's just concentrate on a small firm from Worcester, and let everyone else go free.
"Get your coat, son, and hit the road. Someone told me you complained about lax H&S on your last job. We don't want your sort here. Next! "
"could Tesco say to their suppliers we are going to cut your rates by 10% and not be accused of predatory behaviour?"
A company "like" Tesco (I'd better not say it WAS Tesco) told us a few years ago that we, along with all its other suppliers, were being "required as a condition" to provide our service at £6 per item instead of the £8 we had previously agreed.
We told them to get stuffed as our price was already good and they weren't even buying the minimum quantity to qualify for the £8 tariff. But they wouldn't budge from £6 because it would probably have cost somebody their Christmas bonus. Consequently they had to give the job to another company -- who just happened to be one of our regular trade customers and for the next couple of years subcontracted it back to us at the proper price of £8.25 per item. Plus, presumably, their own mark-up.
Now, work that one out.
Cor dear, I started reading the feedback and then had to double check that I was on TheRegister.com and not TheDailyMail.com
When I was a boss, I followed the rules of long ago. The shortest references are the best references; 'Good for your business' is ultimate best. The longer it goes on, the more it means 'phone me'. Over the page, and it's one for the blacklist. Does anyone still know this? (and, er, did they know it when I did it?)
"You know this for sure do you? Are you blind or just too stupid to understand that they can add people to this list who 'aren't lazy' but could be 'trouble' (as in reporting tax dodges etc.)"
err... and how is it wrong to tell others to not hire the snitching bastard?
Harsh statements in the press. No action taken. Typical.
The companies signed in have been repeatedly and knowingly breaking the law for years, ruining the life of an untold number of persons in the process. Yet no-one will be prosecuted. The ICO is sending a very strong message indeed. I believe this message is: "Laws don't apply to large companies. Go ahead, we'll keep the populace busy".
If you complain to the ICO that you bank or credit card company has given inaccurate data to a Credit Reference Agency, you'll go grey, bald and toothless before they act.....and they can't even fine / reprimand the Police when evidence goes missing.
but hey... they've got jobs and those builders are bad bad people in the public mind at the moment
any chance they will look at Royal Bank of Scotland to check the accuracy of their accounts... (its data!)
The law was altered a while ago, now information held in either electronic or paper format is covered.
Information held on the "database" included notes about individual workers which included descriptions such as "ex-shop steward, definite problems", "Irish ex-Army, bad egg", while others related to workers who had raised concerns over health and safety issues on sites, such as asbestos removal.
Maybe there was the occasional comment such as "refused to work in an atmosphere of asbestos dust .... obviously a lazy person"
Anyway, the people ON the "databease" neither knew about it, nor that they were on it. So they would not have been able to use their rights under the DPA to access the information.
Maybe they should also look at the engineering employers, who have been doing the same for donkeys years now...
"Notes about individual workers included descriptions such as "ex-shop steward, definite problems", "Irish ex-Army, bad egg", while others related to workers who had raised concerns over health and safety issues on sites, such as asbestos removal."
http://www.telegraph.co.uk/news/uknews/4948344/Call-for-action-over-rampant-blacklisting-of-workers.html
Yes, if I was an employer I wouldn't want someone snitching to the authorities that I'd put people's lives at risk incorrectly removing asbestos for example. But that doesn't make it right does it ?
Thanks for that very good point. My Phorm folder has now risen to 21.8Mb!
