The ICO has ruled that the Disclosure and Barring Service (DBS) breached the Data Protection Act after failing to stop the collection of information about convictions that were no longer required for employment checks.

The DBS, the UK government organisation that processes requests for criminal records checks and decides whether it is appropriate for a person to be placed on or removed from a barred list, had failed to update its application form and omit a question requiring individuals to declare minor and historic offences, following a recent change in the law.

As a result, the ICO received a complaint from Unlock, an independent charity providing advice services for people with criminal convictions, that they were receiving a large number of calls about the problem. Unlock highlighted the case of two individuals who answered the question positively, not realising that the information they provided was no longer required following changes to the Rehabilitation of Offenders Act, which came into force on 29 May 2013. The two people subsequently had their offers of employment withdrawn.

The DBS has signed an undertaking committing the organisation to improving the way it looks after people’s information by reviewing and updating its existing guidance to applicants to explain what information will be passed to their prospective employers.

A copy of the undertaking is available here.

Written By

Brian Davidson, CIPP/E


If you want to comment on this post, you need to login