Thursday, 18 July 2019

Troubled Takeover

There seems to be yet more trouble in the South West according to the following from a reader:-

Dear members

Please read the following joint Union message:

Unions raise concerns over employers DBS assessment requests

Local Branch Officials from Napo/UNISON/GMB have been inundated with requests from members for advice about the recent request issued by KSS CRC/SEETEC. This seeks staff permission to undertake a new DBS assessment and provide authority for further checks to be carried out in relation to wide ranging and comprehensive personal data. These include: 


  • Employment history
  • Education
  • Professional Qualifications
  • Membership of professional organisations
  • Character and professional references
  • Asking staff to confirm that information provided can be subject to further verification
  • Providing background information for new criminal and credit record checks
  • Association with Credit Agencies or Government organisations
  • Authority requests of staff to sign off permissions that include driving records checks and personal financial data.
  • Confirmation that staff are content for this sensitive material to be shared across European partners and others organisations
Our concerns

Yet again, the employer has launched a sensitive communication without consultation with the unions. In the absence of a number of reassurances we remain to be convinced that some of these requests do not breach many of our members individual rights to privacy and the right to data security. The Unions have no further information other than the vague assurances in the letter to staff, but given the difficulties that we were alerted to at the time of KSS CRC taking the place of Working Links (where personal files were stacked in boxes in Middlesbrough), this is not a reference that can be relied upon.

The unions have had no consultation with the employer about why they are seeking this information which appears to go above and beyond what is actually necessary. Staff reading the list of intended inquiries and the scope for third party involvement have relayed their shock and disbelief at the level of invasive checking, including the need to produce passports and domestic bills as a form of identification.

We will be urgently raising the issue with the employer and until we receive a satisfactory explanation, we must remind members that they are under no obligation to provide this material afresh as it should already be in your established online data records. If this has been lost between employers then this is a serious issue.

The unions have had no assurances about where and how this information is to be revealed and remain doubtful that this request is compliant with the existing General Data Protection legislation.

The GDPR legislation sets out seven key principles:

  • Lawfulness, fairness and transparency.
  • Purpose limitation.
  • Data minimisation.
  • Accuracy.
  • Storage limitation.
  • Integrity and confidentiality (security)
  • Accountability
We also intend to ask the employer to explain why, when relevant record checks last up to 4 years for a standard DBS, they need to conduct this exercise. We will be writing to the employer to record our concerns and we will also be considering the potential for a complaint to the Information Commissioners Office on behalf of the staff affected.

We will also remind the employer of the additional costs involved in this process especially as the employer has claimed that it does not have the resources to improve upon their recently imposed pay award.

The unions will be issuing further information to members at the earliest opportunity.

Meanwhile, and as a self-protection measure, the unions recommend that all members withhold their permission for these checks to be carried out until further clarity has been provided.

Ian Lawrence, General Secretary, Napo
Siobhan Brown/Simon Dunn/Debbie Monksfield, Regional Organisers, UNISON
Helen Coley, Regional Officer, GMB/SCOOP

5 comments:

  1. Outrageous! What are they going to do with this very personal information. One thing is certain. No good will come of it.
    Control. Gone too far!

    ReplyDelete
  2. about an employee
    Employers must keep their employees’ personal data safe, secure and up to date.

    Employers can keep the following data about their employees without their permission:

    name
    address
    date of birth
    sex
    education and qualifications
    work experience
    National Insurance number
    tax code
    emergency contact details
    employment history with the organisation
    employment terms and conditions (eg pay, hours of work, holidays, benefits, absence)
    any accidents connected with work
    any training taken
    any disciplinary action

    Employers need their employees’ permission to keep certain types of ’sensitive’ data, including:

    race and ethnicity
    religion
    political membership or opinions
    trade union membership
    genetics
    biometrics, for example if your fingerprints are used for identification
    health and medical conditions
    sexual history or orientation
    Employers must keep sensitive data more securely than other types of data.

    What an employer should tell an employee
    An employee has a right to be told:

    what records are kept and how they’re used
    the confidentiality of the records
    how these records can help with their training and development at work
    If an employee asks to find out what data is kept on them, the employer will have 30 days to provide a copy of the information.

    An employer should not keep data any longer than is necessary and they must follow the rules on data protection.

    ReplyDelete
  3. It's pretty scary being asked to provide data that most would find intrusive or not relevent. It's also concerning when the data being requested can be cross referenced against itself to extract more information about someone that they have no right to be asked to provide.
    It's even more disturbing being asked to provide data to an employer that very soon won't be your employer. Why would they want that information on employees just at a time when the employee/employer relationship is soon to be severed?
    Seetec have in the past with relation to their DWP contracts come under fire for their handling of personal data. But they're a corporation with profit as their only objective, and as data is now such a valuable global commodity its no surprise to see big corporations exploiting regulations or even laws to cream off a bit of the new digital gold.
    It's a scary thought, but is there any real difference between the way governments and private organisations collect and use personal data and the algorithms being used by agencies like the police, prisons, and probation to make assessments on bail, future offending and supervision?

    Not probation, but this from yesterday's Guardian is both disturbing, and a good example of how sinister a way the data your asked to provide can be used against you.

    https://amp-theguardian-com.cdn.ampproject.org/v/s/amp.theguardian.com/society/2019/jul/17/councils-refusing-to-share-personal-data-of-rough-sleepers-with-home-office?amp_js_v=a2&amp_gsa=1&usqp=mq331AQA#referrer=https%3A%2F%2Fwww.google.com&amp_tf=From%20%251%24s&ampshare=https%3A%2F%2Fwww.theguardian.com%2Fsociety%2F2019%2Fjul%2F17%2Fcouncils-refusing-to-share-personal-data-of-rough-sleepers-with-home-office

    'Getafix

    ReplyDelete
  4. https://news-sky-com.cdn.ampproject.org/v/s/news.sky.com/story/amp/public-sector-workers-to-receive-biggest-pay-rise-in-six-years-11766122?amp_js_v=a2&amp_gsa=1#referrer=https%3A%2F%2Fwww.google.com&amp_tf=From%20%251%24s&ampshare=https%3A%2F%2Fnews.sky.com%2Fstory%2Fpublic-sector-workers-to-receive-biggest-pay-rise-in-six-years-11766122

    ReplyDelete
  5. Shame there not as particular when assessing the offenders

    ReplyDelete