A Collection is a selection of features, articles, comments and opinions on any given theme or topic. It allows you to stay up‑to‑date with what interests you most.
Login here to access your saved articles and followed authors.
We have sent you an email so you can reset your password.
Sorry, we had a problem.
Tags related to this article
Download PDF Print page
Published 25 February 2015
It has been announced that on 10th March 2015 the Data Protection Act 1998 (Commencement No. 4) Order 2015 (SI 2015/312), which will implement section 56 of the Data Protection Act 1998, will come into force.
Section 56 of the DPA will significantly restrict, by way of criminal offence, organisations from requesting that individuals use their subject access rights to obtain information (typically criminal records) about themselves for the use by the requesting organisation.
The rationale is that criminal records should be properly obtained through the Disclosure and Barring Service (DBS), where release of such records is subject to the restrictions and permissions of rehabilitation of offenders legislation. Prior to the ban on enforced subject access, organisations had been free to request individuals obtain the data directly from the police (or other organisations holding a full criminal record of the requesting individual). The data obtained can typically contain both spent and pending convictions, neither of which would be discloseable to an organisation requesting basic disclosure from the DBS.
Such requests have been typically made by employers for applicants for jobs and by the insurance industry, which has often required that policyholders/claimants obtain criminal records through subject access to the police and other bodies. The webinar and related guidance addressed this directly and states that the proper route for insurers obtaining information of this kind was from DBS Scotland. Insurers are permitted to make a basic check (with the consent of the data subject) but are not permitted to undertake a standard or enhanced check. The ICO stated that parliament had put in place the DBS checking system, with its accompanying rules, to govern access to an individual's criminal record, and that subject access should not be a way of circumventing these rules.
There is an exemption from this ban, if requiring the subject access is "in the public interest". Although we predict that many financial services companies will think it is in the public interest to obtain details of individual convictions, beyond those obtainable through basic disclosure, for the prevention of fraud etc. the ICO has made it clear that it could think of no example falling within this exemption.
To view the enacting order, please click here.
To view the ICO's guidance, please click here.
Ensure criminal records are being obtained through the DBS (employees) and Disclosure Scotland (basic disclosure for policyholders / claimant).
London - Walbrook
+44 (0) 20 7894 6925
By Rhiannon Webster
By Shehana Cameron Perera, Lorraine Ekong, Jade Kowalski, Rhiannon Webster, Ceri Fuller, Khurram Shamsee, Christopher Air, Sophie Devlin
By Aleksandar Dimitrov, Neal Pal
By Rhiannon Webster, Charlie Christie
By Hans Allnutt
By Hans Allnutt, Mark Anderson, Gregory Bautista, Anjali Das, Kieran Doyle, Bastian Finkel
By Hans Allnutt, Rhiannon Webster
By Hans Allnutt, Patrick Hill, Laura Stewart, Lorraine Ekong
By Lorraine Ekong, Hans Allnutt
By Hans Allnutt, Camilla Elliot
By Hans Allnutt, Patrick Hill
By Ceri Fuller
By Hans Allnutt, Rhiannon Webster, Patrick Hill
