back to article Bosses to be banned from forcing new hires to pull personal records

Forthcoming changes to the law will prevent employers, insurers and other organisations from forcing individuals to access personal data held about them by others and reveal the results to the party requesting that information, the data protection watchdog has warned.19 Feb 2014 Changes to the Rehabilitation of Offenders Act, …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    I'd pass that test

    Never been asked this but if I was I'd consider it a test of character and tell them to sod off. And don't mention national security, if it really is needed in the interest of national security they can pull whatever they want without you having to do it for them.

    Furthermore, even though you can't be forced to do this I can imagine there will still be loads of people who will under the impression that if they don't they won't be considered for a job. In all a completely useless piece of legislation.

    1. PyLETS

      Re: I'd pass that test

      "In all a completely useless piece of legislation."

      Not useless if someone illegally requests you obtain this personal data in writing. This written request then becomes evidence of the offence having been committed. Also going into an interview covertly wired for sound is likely to obtain evidence of this request spoken suitable for public exposure and prosecution. It's a standard news gathering technique.

      I'd would also tell a prospective employer to f*** off if they asked for my Facebook password - I've heard of some doing that but I would never want to work for such a s***. That kind of request for me would be the end of the interview.

      1. Anonymous Coward
        Anonymous Coward

        Re: I'd pass that test

        >Not useless if someone illegally requests you obtain this personal data

        The request is not illegal, forcing you to provide the data will be.

        They can still ask, verbally or in writing, and say that you are not obliged to provide such information but the underlying threat is there. Some will feel they have to comply or not get the job. The legislation will prevent the employer saying it is a compulsory part of the selection procedure. The only way the legislation would be of any use is if it prevented the request being made in the first place.

      2. BlueGreen

        Re: I'd pass that test @PyLETS

        > Also going into an interview covertly wired for sound is likely to obtain evidence of this request

        Please correct me but I thought it was illegal to record a conversation unless all parties knew and agreed to it?

        Edit: in the uk at least.

        1. Martin H Watson

          Re: I'd pass that test @PyLETS

          I think it's ok if it's for your own use, whatever that means.

        2. Anonymous Coward
          Anonymous Coward

          Re: I'd pass that test @PyLETS

          "Please correct me but I thought it was illegal to record a conversation unless all parties knew and agreed to it?"

          Not quite so in all scenarios I believe. For example, you might phone a utility company. They have a legal obligation to inform you that calls are (or may be) recorded. However, as a private individual you are free to record any conversation without making the other caller aware of the fact the call is being recorded.

          However, should you subsequently end up in a court dispute, you will likely have problems introducing said covertly recorded conversation as evidence.

          1. CaptainHook

            Re: I'd pass that test @PyLETS

            However, should you subsequently end up in a court dispute, you will likely have problems introducing said covertly recorded conversation as evidence.

            *****

            I would have thought that the moment the company plays that "Calls maybe recorded" message, that the notification requirements have been met, it doesn't matter that the side doing the recording isn't the side which gave the notification.

            1. John Brown (no body) Silver badge

              Re: I'd pass that test @PyLETS

              "Calls maybe recorded" message, that the notification requirements have been met,

              One day, a court will have to decide if "this call may be recorded" is a notification or a granting of permission. Obviously a lawyer worded that message so as to cover all angles :-)

            2. Anonymous Coward
              Anonymous Coward

              Re: I'd pass that test @PyLETS

              "However, should you subsequently end up in a court dispute, you will likely have problems introducing said covertly recorded conversation as evidence."

              There was a local case here that made the national press 6 or 7 years ago. An asian guy was cuffed by the old bill and taken to the nick (I forget what for) with the cops physically an verbally abusing him for the duration of the journey. Somehow he taped it all via a dictaphone in his jacket pocket and later used this as the basis of a complaint. It did go to court and the tape was apparently admissible as evidence, although I'm not sure whether that was at the discretion of the judge.

        3. hplasm
          Devil

          Re: I'd pass that test @PyLETS

          Perfect case for wearing a GoogleGlass!

        4. A Non e-mouse Silver badge

          Re: I'd pass that test @PyLETS

          Please correct me but I thought it was illegal to record a conversation unless all parties knew and agreed to it?

          Oh no....It's much more "fun" that that ;-)

          www.ofcom.org.uk/static/archive/oftel/consumer/advice/faqs/prvfaq3.htm

        5. Anonymous Coward
          Anonymous Coward

          Re: I'd pass that test @PyLETS

          It isn't illegal, you ARE supposed to make all 3rd parties aware and they have as much right to say "no" as you have to say you are recording the conversation but there have been instances where a case has been found in favour on the strength of a covertly recorded interview.

          i.e, if we have a phone conversation and I record it then no law broken even though I haven't asked or informed you. If a 3rd party acting on either my or your behalf listened in / recorded then that would need to be disclosed to the other reciepient that the conversation is being recorded.

          * As I understand it in a basic fashion.

        6. PatientOne

          Re: I'd pass that test @PyLETS

          @BLueGreen

          It's a grey area, but the key is intent. If it is intended to aid a prosecution then it could be claimed to be entrapment, and so would be inadmissible in court.

          What you are thinking of is recording a telephone conversation which is covered under the telecommunications Act (and it is illegal without a warrant or permission from the other party).

      3. cortland

        Re: I'd pass that test

        Then you have to prove it's your real FB account and not a sanitized one. If you give up another, well, you have to prove...

    2. Anonymous Coward
      Anonymous Coward

      Re: I'd pass that test

      Sorry but on one part of your statement you are very wrong.

      My company is just getting List-X status which means we can hold classified documents on site. Anyone who has access to the secure area has to have security clearance, however everyone else who works for the company must have at least a Basic Disclosure that proves who they are. No basic Disclosure, no job! We have not made up those rule, HMG has imposed them on us.

      1. Anonymous Coward
        Anonymous Coward

        Re: I'd pass that test

        Basic disclosure will not show spent convictions. See my later comment. I think we all understand that for certain jobs some form of screening will be necessary.

        A company does not do security clearance and does not need to know the details of such nor request an employee, current or prospective, to provide any personal details under the guise of obtaining clearance. All a company needs to know is that clearance was approved or not.

        1. JohnMurray

          Re: I'd pass that test

          Several large organisation get DBS clearance via Scotland, where the basic clearance does not exist.

      2. Anonymous Coward
        Anonymous Coward

        Re: I'd pass that test

        @alannorthants

        Is the Basic Disclosure not verified against government held recrods? ("No convictions? That's not what the PNC says")

        Oh, and welcome to the machine.

  2. Tom7

    Explanation?

    It would have been really useful to have this explained in layman's terms. I spent most of the article thinking it was about employers asking for access to Facebook, and I'm still not sure it doesn't cover that.

    1. Anonymous Coward
      Anonymous Coward

      Re: Explanation?

      My understanding is that it's geared towards things like health data and criminal records, but that "lesser" information such as social media accounts would also fall under the same exclusion. This would be of interest to my partner, who had to provide the passwords to her LinkedIn and Facebook accounts when joining her current employer.

      1. Anonymous Coward
        Anonymous Coward

        Re: Explanation?

        It's to do with criminal convictions. After a certain time a conviction is considered spent and you do not have to mention it. Even if an application form asks if you have any, strictly speaking at that moment in time you don't so you can legally say no. This applies to the majority of jobs, there are those where you do have to mention all convictions, spent or otherwise. Now by asking you to provide, for example, your police record they will see everything on file which is a way of seeing that maybe in your youth you'd been a naughty boy, apparently as many as 1 in 3 males have. It might also show up that you are simply "known" to the police with no other explanation, which might be viewed as being worse than having comiitted a minor crime.

        1. JohnMurray

          Re: Explanation?

          Any criminal record of a person up to age 18 is not carried into adulthood, apart from serious crimes such as a serious sexual offence/murder etc.

          1. durandal

            Re: Explanation?

            You're thinking of Germany. Here, your conviction data stays on until you hit 100 years of age.

      2. Emperor Zarg

        Re: Explanation?

        So your partner breached the T's and C's of Facebook and LinkedIn. I wonder if exposing the personal data of others in this way is also a breach of the DPA?

        1. Lee D Silver badge

          Re: Explanation?

          Sorry, but I'd sack your partner. She just breached a legal agreement in order to provide access to her employer (something which is established in law that you cannot be forced to do).

          If she works for some security-sensitive area (about the only excuse I can think of), then it's still unnecessary - they could have just send a request to Facebook etc. themselves.

          The correct response is "Sod off". Followed by, possibly "I will not breach a binding legal contract in order to provide you with a sensitive password that accesses my personal information in breach of the Data Protection Act just because you say I must. And if you ask me, or anyone else in this interview process, that question again I will be reporting you to the Department of Work & Pensions. But, of course, you're only doing it as a test to check that I understand Data Protection laws and the legal effects of contracts, aren't you?"

          1. Corinne

            Re: Explanation?

            All very good standing by your principles but in the long run it means you don't get the job, it goes to someone who was willing to hand over the data. Maybe if you have skills that are in short supply that's fine, but for the majority of jobs these days there are many people applying for every decent job and employers can pick & choose on a whim who they take on.

            1. Lee D Silver badge

              Re: Explanation?

              No, they can't.

              You know why? If you don't get the job but the guy who handed over his password does? You talk to the Department for Work & Pensions. It is ILLEGAL to discriminate over the fact that you WOULD NOT break the law. Hence, read my extended threat properly.

              You'd probably get more out of them by reporting them than you'd have earned in the first year on the job. This is when the compensation culture / settling out of court works FOR you.

              I'm sure the guy who works 100 hours a week, doesn't report missing/broken safety gear, allows his employer to beat him, and gets paid once a year only when they have cash is also "happy" for his job. It doesn't make it any less illegal - or sensible - to hand over personal passwords against legally-binding contracts you have agreed to.

              And you have to think what this reflects - this reflects on YOU (I'd happily use this question as a test in an interview for, say, an IT Manager to see whether they will happily breach the DPA just because you asked them to), and on your employer - they obviously don't give a damn about you breaking the law so long as you do what they tell you to.

              There are some employers you just DO NOT want to work for. "Just because I need the job" will not excuse any and all evil, no matter the legality. And pulling out the "I need the job" card is the stupidest thing ever. "I worked down a mine that I knew was collapsing because I needed the job"... sorry, no sympathy.

              Jobs are important. Money is important. But the courts suing your ass off will hurt you more in the long run, and working for an employer who is NOT BREAKING THE LAW is much more important if you want any kind of job security. Don't let it be you taking the fall, but your employer.

              (Hint: I'm currently temping BECAUSE I walked from a former employer who put undue demands on me and had no interest in the legality of actions I was asked to perform / my job / welfare requirements / etc. Since then, it's been revealed that they are doing everything from falsifying disciplinary meeting minutes - for other staff, not me, they knew too well to try it to take it that far as I was on the verge of suing for constructive dismissal anyway - to misreporting finances, to expecting me to casually break the DPA, to wondering why I don't subject myself to physical harm in order to do a job I'm not trained to do. I walked. I got another job. It starts in April. I'll suffer the less-employment in the meantime in order not to work for an employer performing potentially ILLEGAL activities and expecting me - and other employees who have also fled / threatened lawsuits - to collude and/or take the fall when independent auditors come knocking.)

              1. Anonymous Coward
                Anonymous Coward

                Re: Explanation?

                "You talk to the Department for Work & Pensions. It is ILLEGAL to discriminate over the fact that you WOULD NOT break the law."

                Much as I understand you're angry, violating a website's T&C is not breaking the law. It's breaking terms of a contract. There's quite a difference between the two.

              2. Corinne

                Re: Explanation?

                Lee D I am very sorry that you had such a dreadful experience, and in your situation I would probably do the same as you. However in the specifics under discussion here, it's very much a case of your word against theirs whether they demanded or requested the info (unless of course it's in writing) and there's a massive difference between being dismissed from an existing job and obtaining a new one.

                An employer doesn't have to give any particular reason why they take on one candidate rather than another, so there would be no case for a tribunal.

                I've been to interviews where I've been asked to bring examples of work I'd produced for previous employers and refused, pointing out that as it was a highly confidential project they wanted me for then surely they could respect that I was keeping the confidentiality of previous employers. I was turned down for one job "because they felt I wouldn't be as dedicated to the company as another candidate" despite it being a contract role!

              3. Anonymous Coward
                Anonymous Coward

                Re: Explanation?

                Lee D: If you don't get the job but the guy who handed over his password does? You talk to the Department for Work & Pensions. It is ILLEGAL to discriminate over the fact that you WOULD NOT break the law. Hence, read my extended threat properly.

                Companies discriminate all the time - the hard part is proving it. For instance, my brother's employer wont take on women of what they consider "child bearing age". You wont get this in writing, but one of the senior people admitted it in an alcohol induced candid moment.

              4. JohnMurray

                Re: Explanation?

                ¨ I'll suffer the less-employment in the meantime in order not to work for an employer performing potentially ILLEGAL activities¨

                Sounds like an average working day in the small and medium enterprises sector!

            2. Mark 65

              Re: Explanation?

              @Corinne:"All very good standing by your principles but in the long run it means you don't get the job, it goes to someone who was willing to hand over the data."

              Brilliant. Show me that person and I'll happily abuse them and pay them fuck all because, after all, they're glad for the job. One born every minute and workhouse employers thank you for your compliant attitude, desperation and lack of dignity and self respect. Personally, I'd tell them to go get fucked and be happy with the result.

          2. Anonymous Coward
            Anonymous Coward

            Re: Explanation?

            Sorry, but I'd sack your partner.

            No you wouldn't, seeing as you're putting yourself in the place of her employer - the one that asked her to provide the login credentials to her social media accounts.

            And if you ask me, or anyone else in this interview process, that question again I will be reporting you to the Department of Work & Pensions.

            My partner's employer work on behalf of the DWP, and their recruitment procedures have been vetted by them. The HR department have the authority to monitor employee use of social media, even though the accounts are purely personal.

      3. Roo

        Re: Explanation?

        "This would be of interest to my partner, who had to provide the passwords to her LinkedIn and Facebook accounts when joining her current employer."

        Strictly speaking your partner didn't have to provide her passwords to anyone (and in fact doing so would violate the T&Cs of most services).

        ... If I found out that a job candidate handed over their passwords (on request) to a bunch of unaccountable strangers I would inclined to bin their application with no further questions asked.

    2. 1Rafayal

      Re: Explanation?

      It means we go back to the old days where you just tick yes or no against having any criminal convictions instead of doing a CRB check for the most part.

      From what I have read so far, this means that the only people who will need to prove they have no convictions are those people going for jobs of a sensitive nature, like working with children or vulnerable people.

      1. JohnMurray

        Re: Explanation?

        CRB checks no longer exist, the CRB and ISA organisations have become one, and now it is the Disclosure and Barring Service. It is the usual gov response to being told they cannot allow information exchange between departments.

        1. durandal

          Re: Explanation?

          No it wasn't. The two have been cheerfully exchanging data since the ISA came into being.

  3. MrXavia
    Pint

    Are my eyes deceiving me, or is this government doing something to protect people privacy?

    No, that can't be it, there MUST be some nefarious plan behind it all...

    But on the off chance they don't have an evil scheme lurking in the plans, thumbs up to the government for once! I hope they can bask in the glory of it as I am sure it will be the last good decision they make...

    1. P. Lee

      > Are my eyes deceiving me, or is this government doing something to protect people privacy?

      So many members of the government now have criminal convictions that its becoming an embarrassment for a lot of people.

      1. Anonymous Coward
        Anonymous Coward

        >So many members of the government now have criminal convictions

        I think you'll find that the problem is they don't.

        As for protecting privacy, they are denying private companies to poke into your past which is a start. Try to apply for a job in public office and you'll be under the spotlight quicker than you can say "Fetch... the cushions"

  4. Zog_but_not_the_first
    Joke

    Here is the information you requested...

    ... but.

    Imagine the fun you could have providing it on obsolete media. Punched cards, ZX Spectrum tapes, 3" Amstrad disks, etc., etc.

  5. david 63

    I would be happy to give my employer my linkedin, twitter and facebook account passwords. I have already set up unused/innocuous accounts for this very purpose.

  6. Anonymous Coward
    WTF?

    Huh?

    When did employers start asking for personal account access?

    While I do have a faceache and twatter account, these are rarely used, and people I work with/for have been added to my friend list. I accepted the requests simply because I rarely use those services, the stuff I post is beyond mundane, and I don't post stuff about work on there.

    Yes, I know some of them are on there simply to "spy" on me.

    Want to "friend me" once I am working for you so you feel a little less insecure, that's fine, nothing much for you to see anyway. If I don't work for you or I don't know you, feel to browse my limited public profile, that's what the public profile is for.

    Want passwords to my Facebook or LinkedIn accounts, I don't think so, and I wouldn't want to work for such a company.

    If you are working in sensitive areas processes should already be in place to get the needed information/data, you shouldn't need to go digging it up for them or providing them direct access to your accounts and data.

    There is no excuse and I see no excuse for such obtrusiveness or for not going through the proper channels.

    .

  7. David 45

    ICO has put its teeth in

    Blimey - the ICO actually producing something useful for a change. I have queried things with them in the past that I thought were clear-cut (e.g. a company that I used to drive for passing on my personal details to a third party, namely one of those nasty so-called private parking enforcement outfits) and got pretty well nowhere. Perhaps they have got a new set of teeth at last.

This topic is closed for new posts.

Other stories you might like