andyr

My employer (telecom s/w) deals with a large British Telecoms company. This company recently queried our handling of data that we sometimes receive or even view on their own system (includes their own customer's personal details such as names, addresses etc) and mentioned that they presumed that we scrambled/anonymised this before it was handled by our off-shore teams. We do not do this. Now our company has told all of us that they have come to an agreement with this company that all of the employees that access their data will go through a security vetting procedure. This includes the completion of a form with info such as previous addresses, mother's maiden name, any CCJ's etc etc Our HR dept claim say that they will be administering this for the client - have said they need thiswithin 48hrs from now, ie end of the week.
I don't really approve of this but if my employer is within it's rights to request this information that I guess I can't object too strongly without jeopordising my position. My suspicion is that the HR dept will just hand over everything to the client and it won't be a case of only providing such information when they are asked for it - would be extra hassle for the HR dept to do that.
Wonder what the law is - it's not a case of the employer needing this for their own checks on me, it's a case of a customer wanting this and the employer bowing to their request.

DCI Gene Hunt

Security vetting.... nothing to fear unless you have convictions for fraud or deception then it will be an issue, and to be fair it should be at that point.

boomer

I would refuse!

The "nothing to hide, nothing to fear" argument is irrelevant - that data is nothing to do with them! If they say that it is required for you to do your job, then they are effectively changing your job description/contract which you can refuse to accept. If they fire you, that is constructive dismissal. If they say that the job can't be done without you being (and coincidentally another discussion in this forum) "data raped", it means that the job has gone away and they have to offer you redundancy.

Are you part of a team who are all being asked to do this - find out what the rest think? Are you in a union - get your money's worth out of your subs and get them involved?

So what on earth are they going to do with details of your old addresses etc.?? I am sure that is completely irrelevant from a data protection perspective and cannot be stored. As for potentially giving the data to a third party over which you have no control - totally unacceptable.

Also, giving you 48 hours notice, even if you agreed to supply the information, is taking the ****.

As for "This company recently queried our handling of data" - how come they want to snoop on your personal data??? Pot, kettle, black!!!

Keep copies of any formal requests from your company for such data - they are on dodgy ground and could probably get into trouble for this.

Oh, and please note that IANAL - hopefully more cleverer people will reply with their thoughts too

mb

andyr

I've not had a chance to ask others - most got asked for this a few weeks ago, the few of us that didn't couldn't understand why we weren't all asked at the same time, probably no reason other than an admin issue. 1 guy that I sit beside who was also asked today is of a similar attitude to me - said he'dspeak to his wide that has many lawyer associates and friends, the rest, without asking them (which I'll do tomorrow) probably rolled-over as most people have the 'jump ? How high would you like me to jump ?' attitude. We've had many rounds of redundancies over the past few years here so generally people aren't wanting to stick out as a troublemaker. No union presence.

I'd like to either say Nope, not providing the info or complete the bits of the form that are pretty innocent but it will get bouncedback to me I'm sure of that.
Asking for such detailed personal info seems so excessive. Are we ensuring that our customer's people that can access this data also security vetted ? Is it going to be stored in a secure manner ? Peees me off that the company just expect us to say Yeah, ok here's everything you ask for with no questions asked.

al02uk

iTrader: (1)

I agree with Boomer,

Info on Criminal Records should only be sought if it is relevant to the job being filled.
Your job cannot all of a sudden become relevant if one of the Employers clients demand that these checks are carried out. They are certainly not entitled to see the information without your consent anyway.

I employ 25 fuel tanker drivers and in the last year been allowed to carry out CRB checks on potential employees, however I am not allowed to back track and check exsisting drivers. Most of my driver are Union members, so you can imagine how colourful some of the conversations were.

My bottom line was, I could be employing a convicted arsonist to drive a tanker carrying 36,000ltrs of petrol, obviously something I don't want to do.

We also lost a customer because they were working on an RAF base, they requested that all of my drivers had vetting before being allowed on the base. After consulting our legal advisors, they advised us to let the customer go.

Hope this helps a bit.

Simon C

I work with card details and have never been vetted. Anyone coming in now, is vetted. Even with all the rules tighening in the industry, I have never been asked for anything or have been told I will be checked.

chris270181

sc .. Security clearance i'm going through this at the min for a potential job, as stated its nothing to worry about unless you have any serious convictions. there is different levels of clearance depending how sensitive the info you have access to. And is useful to have especially if you want to move over to another it/telecomunications company.
A friend of mine has dv clearance (A HIGHER LEVEL OF CLEARANCE) and gets paid alot of money just for plugging in pc's that may contain sensitive data..
Although it is weird how all of a sudden you need it?, also you can only get security clearance through a sponsor ie the company you work for etc.. So in the long run may it be beneficial to yourself

Tidgy

i wouldn't be so sure that they can't get rid of you. you will no longer be suitable for the job and fall into the redundancy category, all they have to do is change the job title on mass.

if nothing to hide then don't worry. the company i work for don't have security checks on mass, however some of the departments work with secure data and clearance has to be obtained which includes security checks (if you knew the work you'd be greatfull they do this).

but put it from the perspective of the person whos data it is, if it was your data would you want just anyone to have it?

i wouldn;t worry at all, as long as you have nothing to hide then its just a formality

DCI Gene Hunt

Now don't get me wrong - but I agree that the parent organisation (i.e. the one you work for) should ensure that you handle this data sensitively and are absolutely right in requesting employee checks for people working with it. I'm somewhat shocked that you're able to just send this data 'unencrypted' offshore where it's then uncontrolled and up for the highest bidder. So in this case I feel there's justification for undertaking these checks on all sub-contractor labour.

I wouldn't use a company that sent my data offshore to any old tom, dick or harry and that's without going into the liability issues surrounding something happening with that data that affects an individual's that was the responsibility of the parent organisation to protect.

Just a thought

Tidgy

http://www.direct.gov.uk/en/Employme...ns/DG_10037116

heres the link to the gov info on it, seems to condradict itself. However, even if you were to take it to an employment tribuneral, i can't see you standing a chance at all of winning. It looks like, as above, they could go down the redundancy route, which you would have very little argument for. you could no longer do your job so by default would be surplus.

DCI Gene Hunt

I'd let your legal advisors go

Leslie

We used to get very heavily vetted for my job. Not allowed near any of the necessary information if you could not pass it.

Les

andyr

Careful re-reading of the consent form does clarify but not totally :
the requirement, as mentioned, comes from the external company, our customer, whilst it also states that it is the company Backcheck that will be performign the investigation on behalf of my employer. Also states that that by completing the form we are authorising "BackCheck to retain and release all information obtained as part of these background investigations to my employer"
but also indicates that they may "release my personal information to third parties where this is required for the completion of background investigations"
I have now requested info on how this info will be made available to the client, ie will it be provided in full as I detail or will the customer be provided with a summary if/when they require it, ie they ask if an employee (ie me) has any areas of concern then they are told yes/no as appropriate.
Will await their feedback now.
Seems we are using this Backcheck company (form indicates all data protection etc etc will be adhered to) which gives less of a worry to me but I'd like to know what it then passed on to the customer.
Giving out passport number, previous addresses, mother's maiden name, any criminal convictions, bancrupcies, CCJs etc is not info I want to distribute to all and sundry.

al02uk

iTrader: (1)

Could you tell me why please?

I only ask becasue we pay them £30,000 a year for H&S and legal support. This covers a company with a turnover of nearly £1 billion a year, so we obviously need good legal protection. Now if your telling me I can get accurate legal info on Scoobynet for free instead, then I will cancel the contract with them

DCI Gene Hunt

Please explain the complications in getting basic security clearance for an MOD site that made you feel that it wasn't worth persuing as a business. I'm not impressed by the £1 billion - make it £12.5 billion and I'll be interested. Still with advice like that you've already been given I guess that'll never happen....

SJ_Skyline

Your employer is potentially in breach of the DPA by offshoring personal data and you will more than likely fail a government export audit. The security clearance side of things is nothing to worry about - standard practice for many contracts when dealing with personal data, usually only up to BC level. I would be more concerned that personal data is being sent unencrypted outside the EU for processing.

douglasb

It isn't.

Constructive dismissal is where an employee is put in an impossible position and resigns as a result. (Note - the employee is the one who gives up the job). If the employer gets rid of an employee the dismissal may be "unfair" or "wrongful" but it isn't "constructive".

al02uk

iTrader: (1)

The complications are that you simply cannot ask someone who has been doing the exact same job for you for the past 10 years, without the need for any CRB checks to all of a sudden demand they carry out one, just because a customer wants you to....Fact. It is not in their contract or initial offer letter. The Job requirements would need to change, any new drivers I take on now have CRB checks, but I still have no right to go back and insist that the already established drivers have to have one done.

The CRB states very clearly that it is illegal to insist that a CRB check forms part of an tender, unless the service you provide meets the critera for a CRB check. delivering 5000ltrs of diesel onto an MOD site does not meet this criteria. We informed them that this was the case and we could do no further business with them, and guess what?....no one else would either. We now go to the same RAF base but are simply escorted to the tank. The same thing happened when the tender came out for the Olympic park project, we refuesed, yet we are the contracted fuel supplier.

I didn't just take a snippet of information from a website and draw my own conclusions from it, did you?. Because of our location, the Met Police, Vosa and the FPS were all in the same consultation and the final conclusion was what I stated above.

A £1 billion turnover for 25 vehicles is pretty impressive actually, however that £1 billion needs to be protected from potential employee lawsuits. I am not interested in impressing you or engaging in some sort of "who is more intelligent" contest. The OP was asking advise, and having experiensed similar issues myself it was offered.

All you have done is come on here and attempt to point out peoples wrongs...and failed, you haven't actually got any decent advise to offer at all.

I'm sure that I will get some sort of smart a*$e reply from you, so I will leave you to it