The CIPD has said it would not contact HR managers working in construction firms named by the Information Commissioner’s Office for unlawfully buying personal data on ‘undesirable workers’.
The Information Commissioner found that 40 construction firms had been secretly buying confidential data on workers from a body called The Consulting Association (TCA) in for the past 15 years.
A raid on the office of the TCA, based in Droitwich, Worcestershire, revealed a serious breach of the Data Protection Act, according to the Information Commissioner’s Office (ICO).
The objective of buying and then holding this confidential information is thought to have been to help employers steer clear of union militants.
The ICO said a secret system was run for more than 15 years, which enabled employers to unlawfully vet job applicants.
However, the Chartered Institute of Personnel and Development (CIPD), the body which aims to uphold professional standards in HR, said it would not be speaking to it members responsible for recruitment in the firms named by the ICO.
“We are not going to look into it unless we get a complaint [against an individual],” a CIPD spokesman told Personnel Today.
The CIPD’s code of conduct is for individuals, not for companies, the spokesman added. “Just because a member is part of a company, it does not mean that they were involved.”
In a statement, the CIPD said it backed the decision by the ICO to prosecute a company for selling sensitive personal data and to investigate up to 40 construction companies suspected of buying the data in breach of the law.
Sign up to our weekly round-up of HR news and guidance
Receive the Personnel Today Direct e-newsletter every Wednesday
The CIPD’s senior public policy adviser Ben Willmott said, “This case illustrates why it is so important that employers understand their responsibilities and potential liabilities under data protection law. It will not only help raise awareness among those in breach of the law, but also encourage them to improve their approach. Employers that ignore their legal obligations risk reputational damage and potential prosecution in the courts.
“The CIPD has very clear guidance for members on this issue, which is in accordance with the advice from the Information Commissioner’s Office. The processing of sensitive personal information, including details of union membership, is unlawful except in a limited number of circumstances – for example, where the individual involved has given their consent.”