Employers are prohibited from requesting criminal background checks or clearances, except in specified, sensitive sectors explains Jennifer O'Neill

“Am I hiring the right person for the job?” is a question frequently asked by employers. In addition to reference checks from previous employers and pre-employment medical examinations, some employers conduct background checks.  Although such checks may be standard hiring practice in other jurisdictions, there are considerable restrictions in Ireland on the level of screening that an employer may conduct. 

Under the Data Protection Acts 1988 and 2003 (the Data Protection Acts) individuals have the right to access personal data about themselves that is held by An Garda Síochána.  This information can be requested either in writing or by completing a data protection access request form.  Disclosure in response to an individual's data protection access request is sent directly to the individual for his personal use. 

A practice had developed whereby employers required prospective employees to make an access request to An Garda Síochána (the Irish police force) and furnish this information to the employer.  This practice is now unlawful pursuant to regulations signed on 18 July 2014 which brought Section 4(13) of the Data Protection Acts into force. An employer or prospective employer now commits a criminal offence where he or she requires an employee, prospective employee or independent contractor, to submit a personal access request under the Data Protection Acts, in order to have data made available to him or her.  A maximum penalty of €100,000.00 may be imposed on any person who is guilty of an offence under this provision.

The National Vetting Bureau (Children and Vulnerable Persons) Act 2012, which is expected to come into force before the end of the year, puts in place a mandatory national vetting process for persons who seek employment in certain limited protected areas.  The type of worker that requires vetting is listed in the Act, but primarily includes those persons working with vulnerable adults and children and employees covered under the Private Security Services Act 2004. 

The only option available to employers (other than those recruiting employees covered by mandatory Garda vetting), is to use a self-declaration form.  Self-declaration forms generally include a questionnaire which seeks to establish whether an individual has ever been convicted of a criminal offence in Ireland or in any other country.  An employer may seek to exclude certain minor road traffic offences if they are not relevant to the role in question.  It should be clear that a failure to disclose criminal convictions may result in the lawful revocation of the offer of employment or the invoking of the disciplinary procedure if it is discovered at a later stage that convictions were not disclosed.

Employers need to exercise care if they intend to gather information of this nature during the recruitment process and consideration should be given as to whether the requirement to complete a self-declaration form is justified and reasonable in the circumstances before engaging in such a practice. The employer will have an obligation to act fairly and reasonably in making all recruitment decisions and has obligations under the Data Protection Acts in relation to how it handles and stores the information received on such forms. The information disclosed is very sensitive personal information about a prospective employee and there are strict rules under the Data Protection Acts in relation to the processing and retention of such information that need to be complied with. - The rules include a requirement to keep the information safe and secure; to keep, use and disclose it only for the purpose for which it was collected; and to retain it for no longer than is necessary. 

As this is a complex area we would recommend that advice is sought before seeking to gather such sensitive information from prospective employees.