Dont use 'the data protection duck out'
Dont use 'the data protection duck out' to avoid appropriate staff vetting
Amid tight security, The Met Police and The Serious Organised Crime Agency (SOCA) has joined forces with PREFIT and some of the UKs key employers for talks on continuous and retrospective staff screening.
In the first event of its kind, Assistant Information Commissioner, Jonathan Bamford, told SOCAs packed briefing room: Employers sometimes mistakenly use the Data Protection Act (DPA) as an excuse to not screen staff when they could do, as long as they do it properly. I call that the data protection duck out.
Security and vetting professionals have always had to deal with a lack of knowledge and even misquoting of the DPA amongst employers. David Chernick, Chair of PREFIT, welcomed the Assistant Information Commissioners guidance: All too often, recruiters wrongly cite data privacy, employment and even human rights law as reasons why they cant screen staff. Thankfully, we now know for sure that employers can screen during recruitment, and again during employees tenure, as long they do it in the right way. That's good to know because when we investigate employee fraud, we find that 87 percent is perpetrated after the first two years of service.
The Information Commissioners Office gave employers eleven key questions about screening to check that policies comply with the DPA:
1. Is it justified?
2. Are you open about it?
3. Are the sources reliable?
4. Is the information itself reliable?
5. Is it the minimum information necessary?
6. Can information be challenged by the individual?
7. Is it recorded properly?
8. Is it used only for a limited purpose?
9. Is it not disclosed inappropriately?
10. Is it not retained longer than necessary?
11. Is the information held securely?
But the talks didnt end there. Richard Smith, PREFITs head of events also called on legal advice from Stewart Room, a partner with London City Law firm Field Fisher Waterhouse and author of Data Security Law and Practice, due out later this month. Stewart, whose data protection and privacy prowess is recognised as being at the forefront of the field (Legal 500), went further: Vetting staff is an obligation, not just a right. The Seventh Principle of the DPA, on information security, requires organisations to ensure the reliability of staff who process or control data.
Detective Chief Superintendent, Nigel Mawer, who devised Operation Sterling, the Met Polices strategy for combating economic crime, said of the talks The PREFIT forum has overcome a long standing hurdle in the fight against insider crime by informing employers that the Data Protection Act does not prevent vetting.
Poor screening is a key enabler of economic crime and I strongly encourage all employers to carry out appropriate and lawful pre-employment, retrospective and continuous screening of all their staff so that all threats to company and personal data from internal sources are eradicated.
Commenting on the success of this event, Richard Smith said Were delighted that todays talks attracted such overwhelming interest and support, and that feedback from participants was unanimously positive. In the coming weeks well announce further plans, for example, to tackle more legal issues, temporary and contract worker security, staff criminality and probity.
PREFIT is a network of Police, counter fraud and security experts and organisations and background screening professionals. Recognising the heightened threat of fraud and other crimes perpetrated by employees, contractors and other insiders, PREFIT aims to:
gather and analyse information about insider threats from diverse sectors, law enforcers and other agencies and experts and
share information about the threats and good practice about reducing the harm caused by insider threats with the employers that such threats target.
PREFIT organises briefings and workshops that bring together the employers who are victims of crime with the agencies and experts who have the know-how to combat it. PREFIT does not earn a profit from its activities.