The Information Commissioner's Office (ICO) has today announced that a firm which has sold employees confidential data to construction firms has breached the Data Protection Act.
The system which was run by this firm gave opportunities to employers in the construction industry to pay for information on possible employees and effectively vet these possible employees. The information included details such as the individual's name, details of their previous employment and whether they had any involvement in trade unions.
As this confidential information was held without the knowledge of the individuals, this conduct represents a serious breach of the Data Protection Act. An Enforcement Notice was subsequently issued to the offending firm in order to stop them from continuing this illegal activity.
The ICO has also announced that the owner of the offending firm will face prosecution as he was never registered as a data controller with the ICO and so should not have been handling such data.
It is estimated that there are over 40 construction firms that were purchasing information from the offending firm. The ICO has stated that these firms will be investigated in a bid to discover the extent of their involvement. For these construction firms there is a potential threat that the ICO will issue enforcement proceedings against them.
This will mean that the construction firms will be disallowed from utilising the personal data and will also be prohibited from becoming involved in this sort of activity again. Failure to conform to these conditions could lead to prosecution.
The ICO will now conduct further investigations in order to find out whether the sale of confidential information is a more widespread activity than originally thought and will take the action necessary to prohibit this from happening in the future.