The Data Protection Act Does not Bar Pre-employment, Retrospective or Continuous Employee Screening

Discussions were held in November 2009 regarding retrospective and continuous staff screening, the meeting involved the Met Police and SOCA (The Serious Organised Crime Agency), PREFIT (Protecting Employers From Insider Threats) and some of the UK’s key employers.  

A major concern for organisations implementing pre-employment screening processes for the first time is where to start and end the scope of the screening.  Many opt to simply carry out a pre-employment screening process, checking the credentials of the person before they join the company but this misses two potential problem areas.

The first is whether to screen current staff or not when the new screening process is introduced, this retrospective screening is difficult because it could be seen that screening current staff is tantamount to stay “we trusted you yesterday but we don’t trust you today”.  But, we have worked with a number of organisations who have successfully instigated screening on current employees and it has often caused anxiety amongst employee, HR and security professionals alike.  There may be a requirement to seek Union approval in some cases too.  Retrospective screening is a delicate matter and one that needs careful consideration with full consultation of the employees, communication of the reasons and what it will entail.  For the HR and management there also needs consideration of the what if’s.  What if a retrospective check on a long term trusted employee reveals something of concern?  How these issues are managed differ from organisation to organisation but clearly if the issue is one that affect legal compliance then no matter how compassionate the organisation is it may have to dismiss the person or hand them over to the authorities in serious cases.  You may also need to consider what to do if a person refuses to be screened, after all we still need their permission to conduct the screening.  What if the person is working in the UK illegally, the organisation has a justified reason for conducting such checks.

At the meeting in November Assistant Information Commissioner, Jonathan Bamford, said “Employers sometimes mistakenly use the Data Protection Act as an excuse to not screen staff when they could do, as long as they do it properly. I call that ‘the Data Protection Duck Out’.”   Regular screening of employees can be a useful and proportionate check for example on driving and criminal convictions where these are essential elements of the job.  A driver that has been banned and continues to deliver goods could have a major impact on organisational reputation and legal/insurance perspectives if he/she subsequently was involved in an accident.

But, there seems to be a reluctance to carry out retrospective or continuous checks.  David Chernick, Chair of PREFIT said “All too often, recruiters wrongly cite data privacy, employment, and even human rights law as reasons why they can’t screen staff. Thankfully, we now know for sure that employers can screen during recruitment, and again during employees’ tenure, as long they do it in the right way. That's good to know because when we investigate employee fraud, we find that 87% is perpetrated after the first two years of service.”

Detective Chief Superintendent, Nigel Mawer, who devised Operation Sterling, the Met Police’s strategy for combating economic crime, said of the talks “The PREFIT forum has overcome a long standing hurdle in the fight against insider crime by informing employers that the Data Protection Act does not prevent vetting.  Poor screening is a key enabler of economic crime and I strongly encourage all employers to carry out appropriate and lawful pre-employment, retrospective and continuous screening of all their staff so that all threats to company and personal data from internal sources are eradicated”

The message is clear - effective and proportionate pre-employment screening helps organisations avoid a number of serious risks and the Data Protection Act is not a bar to screening current employees or carrying out continuous checks to assure the organisation that compliance requirements are being met.  The Data Protection Act requires that we act with transparency and below are some useful questions that should be asked when considering screening of any kind.

Data Protection Act: staff screening guidance
The Information Commissioner’s Office have provided eleven key questions about screening
to check that policies comply with the DPA:

1. Is it justified?
2. Are you open about it?
3. Are the sources reliable?
4. Is the information itself reliable?
5. Is it the minimum information necessary?
6. Can information be challenged by the individual?
7. Is it recorded properly?
8. Is it used only for a limited purpose?
9. Is it not disclosed inappropriately?
10. Is it not retained longer than necessary?
11. Is the information held securely?

If you have any questions about this article or require advice on pre-employment screening, retrospective screening or continuous screening do not hesitate to contact us in confidence at info@agenda-security.co.uk.

Back