Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

 



Forgot your password?
typodupeerror
Privacy Businesses Your Rights Online

UK Company Sold Workers' Secret Data 122

Posted by kdawson
from the art-of-the-blacklist dept.
krou writes "The BBC is reporting that the Information Commissioner's Office has shut down a company in the UK for a serious breach of the Data Protection Act. It claims that the company, The Consulting Association in Droitwich, Worcs, ran a secret system that it repeatedly denied existed for 15 years, selling workers' confidential data, including union activities, to building firms, allowing potential employers to unlawfully vet job applicants. About 3,213 workers were in the database, and other information included data on personal relationships, political affiliations, and employment histories. More than 40 firms are believed to have used the service, paying a £3,000 annual fee, and each of them will be investigated, too." The article says that The Consulting Association faces a £5,000 fine — after pulling in £1.8 million over 15 years with its illegal blacklist.
This discussion has been archived. No new comments can be posted.

UK Company Sold Workers' Secret Data

Comments Filter:
  • by KiloByte (825081) on Friday March 06, 2009 @08:36AM (#27090391)

    It's kind of hard to say "continue, please" louder than by slapping such an enormous fine.

    • Re: (Score:3, Informative)

      by Anonymous Coward

      Actually, it can get a lot worse for them, they can be forced to stop all data exports for a long investigation time. I was on a project receiving data for a rather large global company (who is making the news quite regularly these days) from all European markets as part of a pan Europe system. The data itself was nothing special, the company owned it in each market and was merely transferring it around within, yet one country data protection overlords somehow found protocol wasn't precisely being followed.

    • Sounds like a solid business plan

      • Re: (Score:1, Offtopic)

        by cayenne8 (626475)
        "Sounds like a solid business plan"

        Well, it was. This is an old school method...currently being replaced by just scanning the internet in general, target searching on Facebook and the like.

        As much as the old music industry is hurting with online distribution, so will services like this due to this kind of information being out there for free.

        • Well, it was. This is an old school method...currently being replaced by just scanning the internet in general, target searching on Facebook and the like.

          As much as the old music industry is hurting with online distribution, so will services like this due to this kind of information being out there for free.

          I concur, I limit the amount of info on my social sites. It's neither safe nor is it ethical some of the practices or conclusions that these create. Does it really matter that someone dressed up on Halloween like a pirate, does that make them a software pirate? But that is what some dumb folk will say if they look on a facebook page of wacky drunkeness.

          ok I am blaming the stupid here and....

          oh wait thats ok. If they have no clue I wouldn't work for them anyway. If you have to rely on someone else to tell y

      • OK, 3,213 employees(and former employees, one would think) in the database. Forty firms are paying £3,000 on a yearly basis for information on that tiny little group... How often do those 3,213 people apply for new jobs?

        These numbers are like Minnie Mouse, I think they're fu*king Goofy.
    • by Shakrai (717556) on Friday March 06, 2009 @09:00AM (#27090673) Journal

      It's kind of hard to say "continue, please" louder than by slapping such an enormous fine.

      What are the odds of the employers who illegally used said database being fined or punished in some way? Punish the people who used the database and you'll find that the next time someone offers up illegal information for sale they'll have a much harder time finding customers.

      • If it's the same small statutory fine, they could just pay it and keep going. It's not like this data is a product they're selling, this data is just a small HR cost with potentially large abusive rewards.
    • I'm sure the lawsuits by the people on the list who have been denied employment because of it, will be much more helpful in making sure companies don't want to go this route again.

    • Inaccurate summary (Score:5, Informative)

      by Apatharch (796324) on Friday March 06, 2009 @09:26AM (#27090967)

      ...what a surprise.

      The article does not say that the company is being fined £5000; it's the owner himself who faces prosecution, and hence a criminal record.

    • Re: (Score:3, Interesting)

      by u38cg (607297)
      I think the fine is a legal maximum; when the law was written it was never envisaged that a company would be abusing data in this way.

      Am I right in thinking that a company doing this would, in general, be entirely legal in the US?

      • by DavidTC (10147)

        What sort of moron would write a law where the penalty doesn't apply per incidence?

        • by digitig (1056110)
          The penalty does apply per incidence. There is once incidence. The prosecution is for failing to register the company with the data protection office, not for selling the data. And the summary also appears to be wrong to say that the DCO has closed down the company; all the report says is that it has already ceased trading.
      • Am I right in thinking that a company doing this would, in general, be entirely legal in the US?

        No...no, you're not.

    • by Tony Hoyle (11698) * <tmh@nodomain.org> on Friday March 06, 2009 @09:54AM (#27091319) Homepage

      The company has been shut down. Its owner faces prosecution *and* a £5000 fine (and for a case like this they will go for the maximum penalties).

      Also all its customers are now under investigation and also face possible prosecution.

      Also both the original company *and* its customers are wide open for legal action against them if they denied anyone a job because of this data.

      That's a pretty fucking heavy disincentive for anyone doing it again.

      • by Hatta (162192) on Friday March 06, 2009 @11:47AM (#27092717) Journal

        Let us know when it actually happens.

        • That's "if" it actually happens.

        • Union leaders were taling all day about this.

          There was legislation in place, that the government did not enact, because the existence of such black lists hasn't been probed at that point!

          I am not really making this up. Check the BBC or other British media...

          The current Labour government is a complete embarrassment to the notion of Democracy.

      • by jonbryce (703250)

        The maximum penalty is a £5000 fine, plus a court injunction preventing them from doing it again. If they do it again, which they won't, they could be jailed for contempt of court.

        Most likely, another company will start up in another part of the country doing the same thing, and in 15 years time, it will get fined £5000.

        Of course construction companies are not hiring in significant numbers at the moment anyway, so maybe they will wait a few years before this new company is set up.

    • by compro01 (777531)

      Much nicer idea would be 5k pounds times 3213 instances. That would handily disappear those profits almost 9-fold.

    • Re: (Score:1, Offtopic)

      by rhyder128k (1051042)

      "It's kind of hard to say "continue, please" louder than by slapping such an enormous fine."

      Oh come on, it worked with Microsoft. Oh right...

  • by pmarini (989354) on Friday March 06, 2009 @08:39AM (#27090425) Journal
    surely the damage done over 15 years to the families of those not employed because of this illegal practice is much bigger than £1.8mln...
    • Re: (Score:2, Insightful)

      by filekutter (617285)
      I agree with you totally pmarini. Unfortunately this is just the proverbial iceberg tip, with much more still hidden. These are corporations whose activities the last few decades since Reagan have centered on removal of restrictions, merging of interests with national law, and abolition through demonization of unions.
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      A few key details were left out of the article.

      1.) Did the workers agree to background checks?
      2.) Was the information provided false?

      If no to #1 or yes to #2, they have grounds to sue the company individually. The fine is only from the government. This happens every day in the US, but you don't hear much uproar.

      • by dkleinsc (563838) on Friday March 06, 2009 @09:39AM (#27091131) Homepage

        Even if they agreed to a background check, they probably didn't agree to be checked for activities that aren't in any way illegal or reflecting on job performance, such as (FTFA) "ex-shop steward" or "Irish ex-Army".

      • by g_attrill (203506)

        In this case it's not the checking of the employees that is the focus of attention (it says the companies using the service were written to and warned), but the building of the database. The employee's details were not allowed to be shared in such a way without their permission, and the company wasn't registered to even create such a database. Certain details (such as records of them reporting safety breaches, union membership etc) would be of debatable legality in any database of that tye.

    • This decision establishes that The Consulting Association's actions were illegal. In the US, The Consulting Association would now be the target of lawsuits from workers affected by those illegal actions. I'm not quite sure if it's the same deal in the UK.
      • by digitig (1056110)

        This decision establishes that The Consulting Association's actions were illegal.

        No it doesn't. That won't be established until the court rules on it, and it hasn't come to court yet.

        In the US, The Consulting Association would now be the target of lawsuits from workers affected by those illegal actions. I'm not quite sure if it's the same deal in the UK.

        Not yet, because it's not yet established that the actions were illegal. Even if the ruling goes the way everybody here assumes it already has, all it will establish is that the data was being sold by a company not properly registered with the DCO, not whether the selling of the data is itself illegal. Indeed, it seems it isn't, because (from the RA) 'A spokesman for the Department for Business said it did

  • How are the company's actions different than those of the government?

    • Re: (Score:3, Insightful)

      by jandersen (462034)

      Does your government sell information about your political activities etc to a cabal of semi-criminals? No? Well, there you have your answer, then.

      Just because you have an ingrown bias that tells that "Everthing the government does is evil, and everything a private business does is sort of OK, even if it is criminal" doesn't mean that it makes sense. You would probably benefit from taking off your blinkers once in a while.

    • The government sells personal information about workers (such as political activies) to companies so that they can illegally vet employees? Care to provide some citations?
    • How are the company's actions different than those of the government?

      Governments can be held accountable for their actions.

  • by ab8ten (551673) on Friday March 06, 2009 @08:44AM (#27090499)
    This blacklist was specifically for the construction industry - for those who haven't RTFA. The terrible thing is that this list, and its sale for money, has been around for years and years. It's the industry's dirty little secret. It's only now they've computerised the records that they can use the Data Protection Act to prosecute. Sadly, I have no doubt that the information will live on somehow. All the major players have fingers in the pie and won't give it up, I think.
    • Re: (Score:2, Interesting)

      by krou (1027572)
      The Data protection act has been around for about 10 years already in the UK, and from what I can understand, the electronic database has been around for 15 years. They didn't recently digitize it. Of course, before then, it's anybody's guess, but these guys could have been prosecuted 10 years ago.
    • by pjt33 (739471) on Friday March 06, 2009 @09:06AM (#27090749)

      It's only now they've computerised the records that they can use the Data Protection Act to prosecute.

      That's not true. The DPA covers "information which ... (c) is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system", where "relevant filing system" is defined as "any set of information relating to individuals to the extent that, although the information is not processed by means of equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular individual is readily accessible."

    • It's only now they've computerised the records that they can use the Data Protection Act to prosecute.

      Absolute rubbish the UK DPA has applied to paper records since it was updated in was updated in 1998 please get your facts straight

  • Tortuous? (Score:3, Interesting)

    by DoofusOfDeath (636671) on Friday March 06, 2009 @08:51AM (#27090567)

    The article says that The Consulting Association faces a £5,000 fine â" after pulling in £1.8 million over 15 years with its illegal blacklist.

    Are they also open to civil lawsuits from affected employees?

    • by krou (1027572)
      Looks like it. According to the video on the BBC page, the ICO claims that if someone can prove they suffered as a result of this database, they can claim compensation.
      • So, I wonder what the odds are that potential claimants will be pushed into the delightful catch-22 of "Oh, sure, if you were on the secret list you would be entitled to redress; but secret list is secret, so how are you going to prove that?"

        It happens [eff.org].
        • Re: (Score:3, Interesting)

          by krou (1027572)
          Yeah, not going to be too easy, but at least they're taking it seriously and offering help. According to news on the ICO's website [ico.gov.uk], "From 16 March the ICO will operate a dedicated enquiry system for people who believe personal information about them may be held on the database. Members of the public are advised not to contact the ICO until 16 March."
  • Anyone remember The Economic League [wikipedia.org]? I'd be surprised if someone wasn't still maintaining it.
    • Re: (Score:1, Interesting)

      by Anonymous Coward

      In fact, this Guardian article [guardian.co.uk] suggests that Ian Kerr, the man behind this company, used to work for the Economic League.

  • by krou (1027572) on Friday March 06, 2009 @08:52AM (#27090591)
    Just to point out that the original BBC article (when I submitted the story to /.) had a quote from the notes in the illegal database stating that someone was a member of the Communist Party, hence why I mentioned it contained political affiliations. Not sure why the BBC removed this, but just thought I'd mention it in case someone wonders why.
  • 4. ????? (Score:4, Funny)

    by Ogive17 (691899) on Friday March 06, 2009 @08:55AM (#27090611)
    Finally we figure out the 4. ????? before 5. Profit!
  • by ringbarer (545020) on Friday March 06, 2009 @08:55AM (#27090617) Homepage Journal

    Let me get this right:

    British Employers are paranoid that potential employees are Communists or worse. They subscribe to a secret blacklist that potentials have no knowledge of or ability to refute allegations. Anyone blacklisted will not be employed, but the work still needs to be done.

    So they draft in cheap labor from countries that didn't even exist twenty years ago. As these migrant workers aren't on the blacklist, they get cherry picked for work that local labor should have the same rights to apply for. The end result being the rise of local unemployment through no fault of the workers.

    No wonder their economy is fucked.

    • by myxiplx (906307)

      Christ knows why this got -1, I'd mod you up if I got the chance.

      If this turns out to be even part of the reason why so many foreign workers are being employed, heads need to roll.

      • Re: (Score:2, Flamebait)

        by u38cg (607297)
        Foreign workers tend to show up on time and do the job without whining. I'd take half a dozen random Poles over half a dozen random Brits any day. Why British people are so convinced they deserve a job in front of people who work harder and for less than they do is a source of constant mystery to me.
        • Re: (Score:1, Insightful)

          by Anonymous Coward

          Translation: I'd prefer to employ illegal immigrants because if they complain about dangerous working conditions or being paid less than minimum wage, I can just have them deported rather than doing something about the problem.

          • Re: (Score:1, Informative)

            by rich_r (655226)
            It'd work if it wasn't for the fact that Poles are entitled to work in the UK.
            Immigrants yes, illegal no.
      • Re: (Score:3, Funny)

        Christ knows why this got -1, I'd mod you up if I got the chance.

        Because "ringbarer" is on the secret /. mods Neg-list(TM)? ;)

    • Actually, the economy's fucked because we don't actually make things any more. The trend since the eighties has been for Britain to turn into one big bank. We don't make things - we finance other people to make things, and take a cut of the proceeds. Or rather, we sell their debts on to get the cash up front now and let someone else hold that risk. Or, even more profitably, we wait for someone else to finance yet another someone else to make things, we buy the debt, repackage it, and sell it on to the emplo
    • Re: (Score:1, Informative)

      by Anonymous Coward

      British Employers are paranoid that potential employees are Communists or worse.

      I think you're extrapolating USA anti-communist paranoia to the UK. Trade unions are fairly mainstream - heck, the current ruling party originated as the political arm of the trades unions and they rarely talk about deposing the Queen and hoisting the red flag over London these days (Mind you, the Labour Party and the unions aren't quite as pally these days - the unions having discovered that, whoever you vote for, the Government always gets in). However, union activists might be awkward about pay and condi

  • solution: (Score:4, Insightful)

    by Anonymous Admin (304403) on Friday March 06, 2009 @09:49AM (#27091251)

    Charge them with 3213 instances and fine them per instance. The profit disappears and so does the motivation.

    • Isn't there a solution proposed in many legal systems? Put oversimplified: "You cannot profit from the crime you committed"?

      I.e. they would have to give back* the 1.8 million pounds PLUS the 5 thousand pound fine. More than likely they don't have that 1.8 million laying around somewhere, having spent much of it in time, so that'll be fun to pay back... that 5 thousand would look rather trivial in comparison. This extends to doing interviews, selling movie rights, etc. - all of it would go back into payin

      • by canajin56 (660655)
        They already did that I think. The company is toast. The $5000 fine and/or jail time is for the owner, with them also looking for other people to charge criminally.
      • by mormop (415983)

        Better than that. Fine them the average annual wage lost by the builders on their list, say £15,000 a year, times 3213 builders, times the number of years the list operated = £722,925,000 spread evenly across the data company and the customers that used them.

  • Let's say that I run a company and we are absolutely committed to never, ever hiring an "ex-shop steward". Let's assume there isn't a service on the Internet where I can look up people to determine if they were ever involved in union leadership.

    What am I to do? Well, I could just hire people in an uninformed way and hope for the best. Right?

    Wrong. I would (obviously) do whatever it takes to make sure that prospective employees are not and never have been union-affiliated. Sure, this might result in som

    • by VJ42 (860241) *

      I would (obviously) do whatever it takes to make sure that prospective employees are not and never have been union-affiliated.

      Then you would be acting unlawfully, here in the UK you have a right to be represented by a Union, not employing someone because of union related activities would be illegal in itself. Similarly, you can't refuse to employ someone if they refuse union membership (as seems to be the case over in the states judging by previous /. posts complaining about unions)

      • by Ironica (124657)

        Then you would be acting unlawfully, here in the UK you have a right to be represented by a Union, not employing someone because of union related activities would be illegal in itself.

        It's also illegal in the US.

      • ... how would anybody would ever know? you should know that in the UK you have the right to see all the documentation about how a company reached the decision to hire a certain person to fill a position when you are applying for that position.

        If they can't prove they did it based on objective criteria they would be in deep shit...

    • by jonbryce (703250)

      It is illegal to discriminate against people for engaging in trade union activities.

Never tell people how to do things. Tell them WHAT to do and they will surprise you with their ingenuity. -- Gen. George S. Patton, Jr.

Working...