webinar presentation slides

advertisement
Data Protection Act 1998
section 56: Enforced Subject
Access – What you need to
know
Section 56: What you need to know
From the 1 December 2014 it will be a criminal offence to require an
individual to make a subject access request for information related to
their criminal past. The offence relates to circumstances relevant to
the employment of an individual or the provision of goods, facilities or
services to an individual.
It is punishable by way of an unlimited fine in England and Wales.
Different statutory maximums apply in Scotland and Northern Ireland
depending on where the offence is tried.
Section 56(1): What does the Act say?
Section 56(1):
‘A person must not, in connection with –
(a) The recruitment of another person as an employee,
(b) The continued employment of another person, or
(c) Any contract for the provision of any services to him by another
person,
require that other person or a third party to supply him with a relevant
record or to produce a relevant record to him.’
Section 56(2): What does the Act say?
Section 56(2):
‘A person concerned with the provision (for payment or not) of
goods, facilities or services to the public or a section of the
public must not, as a condition of providing or offering to
provide any goods facilities or services to another person,
require that other person or a third party to supply him with a
relevant record or provide a relevant record to him.’
Section 56: Scope of the offences
Section 56(1):
•
Designed to cover all areas of employment and only needs to be ‘in
connection with’ any of the matters mentioned.
•
56(1)(a) & (b) cover the process of recruiting employees or checks as part
of continued recruitment.
•
56(1)(c) – ‘any contract for provision of services to him…’ covers situations
such as contractors.
Section 56: Scope of the offences
Section 56(2)
• Covers persons concerned with the provision of goods facilities or
services to the public.
• Goods, facilities and services is not defined but will include things
such as insurance.
• ‘in connection with’ v ‘as a condition of’ – Section 56(2) is slightly
narrower in scope than 56(1)
Section 56: Other key terms
Require
•
Require has a variety of natural meanings, including ‘to make compulsory’ or ‘to make
necessary’.
We take a wide view of what would constitute a ‘requirement’ to cover:
•
Any circumstance where the data subject is given no choice but to make a subject
access request. (make a SAR or else…)
•
It can also cover circumstances where a data subject is ‘asked’ or ‘invited’ to make a
SAR.
•
The consequences to the individual of not making a SAR, be they actual, likely
or perceived, will be an important consideration in determining the existence
of a requirement.
Section 56: Other key terms
Relevant record:
Defined in section 56(6) as being any record which:
•
Has been or is to be obtained from specified data controllers by a data
subject by way of a subject access request and
•
Contains information relating to any specified matter in relation to that data
controller (including a statement that no personal data relating to that
matter is being processed (s.56(9))
•
BUT does NOT include any record to the extent that it relates only to
category (e) personal data. (Section 56(6A))
Section 56: Defences
Section 56(3) provides for two defences:
• Where the imposition of the requirement was required or
authorised by or under any enactment, by any rule of law or by
order of a court, or
• In the particular circumstances the imposition of the requirement
was justified as being in the public interest.
• BUT – The imposition will not be in the public interest simply
because it would assist with the prevention or detection of crime
(section 56(4)).
Section 56 examples:
Richard is applying to work at a well known toy store. On the application form it asks him
to declare if he has any convictions or cautions. Beneath this, it asks if he would be
prepared to make a request for a copy of his Police National Computer (PNC) record and
provide them with the results. It has a tick box for ‘yes’ and a tick box for ‘no’. Richard
has no criminal convictions or cautions and so ticks yes.
Is this an enforced subject access?
•
The information requested would be a relevant record as it is information about
Richard’s convictions/cautions (even though no information is held) and it is to be
obtained by Richard making a SAR.
•
The likely effect of Richard ticking no is that his application will not be processed – In
effect he has no real option but to tick yes. This is sufficient for it to be a
‘requirement’.
•
The requirement is made in connection with the recruitment of Richard as an employee
•
This would be an offence under section 56(1)(a).
Section 56 examples:
Jonathan is seeking to volunteer at a local after school care association. As part of the
volunteer agreement, it says that Jonathan must make a subject access request for copies
of his PNC record and provide a copy of the response to them.
Is this enforced subject access?
•
The provision of volunteering opportunities is considered to be caught by the provision
of goods, facilities and services. The after school care association is therefore
‘concerned with’ the provision of goods, facilities and services to a section of the
public.
•
The information to be obtained is of a specified matter (convictions and cautions from
the PNC) to be obtained in response to a SAR. It is a relevant record.
•
Although not explicitly stated, if he does not make the SAR it is likely that Jonathan
will not be allowed to volunteer. This is sufficient for there to be a requirement. In
addition, since his ability to volunteer is dependant on him making the SAR, the
requirement is a condition of him receiving the goods, facilities and services in
question.
•
This would be an offence under section 56(2).
Section 56 examples:
Jenny has applied to a local housing association in order to get a property. Prior to
accepting her application, the housing association asks Jenny to obtain a copy of her
prison record and records of her national insurance contributions.
Is this enforced subject access?
•
The information requested is a relevant record – The table includes information
relevant to social security contributions and prison records.
•
It is to be obtained by Jenny in response to a SAR.
•
Jenny is not being offered a choice in this case although even if she were given the
option of saying no, it is likely then that her application would be refused. This is a
requirement.
•
The housing association are concerned with the provision of goods, facilities and
services to the public.
•
Her ability to get housing from the association is dependent on her making the SAR –
The requirement is a condition of the provision of service/facility.
Guidance
Guidance is available at the following link:
www.ico.org.uk/enforced
Keep in touch
Webinar video and presentation
slides available from
ico.org.uk/webinars
Download