More than 40 major British companies face legal action for allegedly buying secret personal data about thousands of workers they wanted to vet before employing them.
The information commissioner, Richard Thomas, will today publish a list of the companies he believes may have broken data protection laws, after an investigation by his office that was sparked by fears that many workers were being unfairly “blacklisted”.
Alan Ritchie, the general secretary of Ucatt, the construction union, said: “Ucatt members know from bitter experience of being refused work that blacklisting exists in construction.
“However, the extent of the practice and the fact that most of the major companies are involved in the practice is truly shocking. It is outrageous that construction workers have been barred from jobs simply for being trade unionists.”
See after the jump for the full press release
Press Release 6 March 2009
ICO seizes covert database of construction industry workers
An investigation by the Information Commissioner’s Office (ICO) has uncovered a database containing details on 3,213 construction workers which was used by over 40 construction companies1 to vet individuals for employment. The information includes sensitive personal information such as construction workers’ personal relationships, trade union activity, as well as people’s employment history.
The information has been seized by the ICO during a raid in Droitwich, West Midlands. Ian Kerr, the owner of a firm known as the Consulting Association, appears to have run the database for over fifteen years. The ICO has uncovered evidence at Kerr’s premises that named construction firms subscribed to Kerr’s system for a £3,000 annual fee. Companies could add information to the system and pay £2.20 for details held on individuals. Invoices to construction firms for up to £7,500 were seized during the raid.
The ICO has served an Enforcement Notice ordering Mr Kerr to stop using the system. Mr Kerr is to cease trading by the end of this week and he now faces prosecution by the ICO for breaching the Data Protection Act.
Deputy Information Commissioner, David Smith, said: “This is a serious breach of the Data Protection Act. Not only was personal information held on individuals without their knowledge or consent but the very existence of the database was repeatedly denied. The covert system enabled Mr Kerr to unlawfully trade personal information on workers for many years helping the construction industry to vet prospective employees. The Data Protection Act
1 List of companies available in notes to editors
clearly states that organisations must be open about how they process personal information, and in most cases those processing personal information must register with the ICO – Mr Kerr did not comply with the law on either count.
“On raiding Mr Kerr’s business premises we discovered an extensive operation involving household names in the construction industry. Kerr held information on thousands of construction workers and profited by checking names against his database.
“We will prosecute Mr Kerr and we are also considering what regulatory action to take against construction firms who have been using the system. I remind business leaders that they must take their obligations under the Data Protection Act seriously. Trading people’s personal details in this way is unlawful and we are determined to stamp out this type of activity.”
From 16 March the ICO will operate a dedicated enquiry system for people who believe personal information about them may be held on the database. Members of the public are advised not to contact the ICO until 16 March.
If you need more information, please contact the ICO press office on 020 7025 7580 or visit the website at: http://www.ico.gov.uk
Notes to Editors
The table below lists the companies that subscribed to the Consulting Association. The use of brackets indicates where companies have undergone a change of name or where subsidiaries have been absorbed by parent companies. Ex members may no longer exist or no longer avail themselves of Kerr’s service.
Amec Building Ltd
Amec Construction Ltd
Amec Facilities Ltd
Amec Ind Div
Amec Process & Energy Ltd
Amey Construction – Ex Member
B Sunley & Sons – Ex Member
Ballast (Wiltshire) PLc – Ex Member
Bam Construction (HBC Construction)
Bam Nuttall (Edmund Nutall Ltd)
C B & I
Cleveland Bridge UK Ltd
Costain UK Ltd
Crown House Technologies
Diamond M & E Services
Dudley Bower & Co Ltd – Ex Member
Emcor (Drake & Scull) – ‘Ex Ref’
G Wimpey Ltd – Ex Member
John Mowlem Ltd -Ex Member
Laing O’Rourk (Laing Ltd)
Lovell Construction (UK) Ltd – Ex Member
Miller Construction Limited – Ex Member
Morrison Construction Group –Ex Member
N G Bailey
Shepherd Engineering Services
Sias Building Services
Sir Robert McAlpine Ltd
SPIE (Matthew Hall) – Ex Member
Taylor Woodrow Construction Ltd – Ex Member
Turriff Construction Ltd –Ex Member
Tysons Contractors – Ex Member
Walter Llewellyn & Sons Ltd – Ex Member
Whessoe Oil & Gas
Willmott Dixon – Ex Member
Vinci PLC (Norwest Holst Group)
1. The raid on Mr Kerr’s business premises in Droitwich was conducted on 23 February 2009
2. We understand Mr Kerr has ceased trading and has vacated his business address.
3. This is the first case where the ICO has used issued an Enforcement Notice with a seven day compliance condition. Ian Kerr breached the Data Protection Act by
unfairly and unlawfully processing personal information. He failed to notify the ICO as a data controller.
4. The ICO’s action follows an article, entitled Enemy at the Gates, published by The Guardian newspaper on 28 June 2008.
5. The ICO promotes public access to official information and protects personal information. The ICO is an independent body with specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
6. For more information about the Information Commissioner’s Office subscribe to our e-newsletter at http://www.ico.gov.uk