Author: Timothy Pitt-Payne KC

A special offer for all our readers

Posted on | by Timothy Pitt-Payne KC

CPDcast have kindly agreed to give our readers free access to my podcast on Employment Vetting.

This is what you need to do:

Go to www.CPDcast.com
Register for a free account with your email address.
Click on ‘Browse the CPDcasts’.
Select ‘Information Sharing & Employee Vetting’ from the list.
Enter the code payne09 in lower case in the box at the bottom of the screen and click ‘Enter’.
Then click ‘Proceed to Checkout’.

This means that you will be able to download the podcast for the special offer price of £0.00.

Podcast on employment vetting

Posted on | by Timothy Pitt-Payne KC

Thanks to CPDcast, I have recently recorded a podcast on the subject of employment vetting.  It deals with various subjects, including CRB checks and the new ISA barring regime.  If you want to listen, it’s available here.  I hope to be able to post a code here in a few days (with the agreement of CPDcast) which will enable readers of this blog to listen for free.  It’s also worth looking at the rest of the site; they are very strong on information law subjects.

Lock up your data

Posted on | by Timothy Pitt-Payne KC

The importance of ensuring the security of personal data has been highlighted in a recent press release from the ICO dated 4 June 2009. The ICO has found Salford Royal NHS Foundation Trust in breach of the Data Protection Act, after a desktop computer containing sensitive personal information relating to around 3,500 patients was stolen. Although the computer was password protected, it was not encrypted or secured to a desk.

A formal undertaking has been signed by the Trust. It will ensure that: appropriate security measures are in place to restrict access to areas where personal information is stored; desktop computers are secured to desks to prevent easy removal; any personal data required to be held on a portable device is suitably encrypted; and personal details are not retained on any computer for longer than is required.

Mick Gorrill, Assistant Information Commissioner at the ICO, emphasised that the worrying trend of personal data losses must be rectified. He said:

“I am increasingly concerned about the way some NHS organisations are failing to securely hold people’s health and personal information. Organisations must implement appropriate safeguards to ensure personal details about patients do not fall into the wrong hands.”

Many thanks to Andrew Smith, currently a pupil at 11KBW, for preparing a first draft of this post.

Doing it by the book

Posted on | by Timothy Pitt-Payne KC

The Information Commissioner’s Office has today announced the latest version of the Privacy Impact Assessment Handbook.  As the title indicates, its purpose is to help organisations to identify and address the privacy risks of their activities.

Following the HMRC data breach in November 2007, the Cabinet Office introduced a requiring for all central Government departments and their agencies to conduct Privacy Impact Assessments (PIAs) when developing new systems. The ICO encourages all organisations to incorporate data protection safeguards into any new project involving personal information.

The handbook is in two parts: Part I (the first two chapters) gives an overview of the PIA process, with detailed information about privacy, common risks, and possible solutions; Part II  then gives a practical guide to conducing a PIA.  There are also four appendices, with examples of screening questions, checklist templates, and privacy strategies.

The handbook should help organisations to make reasoned judgments about the privacy implications of new projects or technological innovations. Some of the recommendations may overlap with privacy work already being done by organisations. A PIA does not have to be conducted as a totally separate exercise; indeed, it may be helpful to look at privacy issues in a broader policy context.

Many thanks to Andrew Smith, currently a pupil at 11KBW, for researching this post and preparing a first draft.

 

Who blacklists the blacklisters?

Posted on | by Timothy Pitt-Payne KC

In March this year the Information Commissioner took enforcement action against the Consulting Association, which had been operating a secret blacklist of employees in the construction industry, including details of trade union activity.  Today the Department for Business, Enterprise and Regulatory Reform has announced that new regulations will be introduced to outlaw the use of blacklists in this way.  There is a power to regulate under section 3 of the Employment Relations Act 1999, but so far it has never been used.  A consultation exercise is promised for early summer.  Draft regulations were previously prepared in 2003, and there was full consultation; so this time round the consultation will be shorter than the normal 12 week period.

It is very interesting to see such a direct link between action by the ICO, and new regulations.  The Government line had previously been that there was no evidence that regulations were needed.  The ICO has now provided them with their missing evidence.

Blacklists have a long history.  The Economic League attracted controversy in the 1980s (and was eventually disbanded in 1994); apparently it had a list of 22,000 political subversives, including one Gordon Brown MP.

Employment vetting is much in the news at present and is clearly attracting great interest.  We are currently considering an exciting project in this area:  watch this space!

Recent conference papers

Posted on | by Timothy Pitt-Payne KC

On 11 KBW’s main website, you can now find some conference papers delivered this month by members of chambers.

There’s a paper that I gave at a Northumbria University conference.  The theme of the conference was information sharing; my paper is about the new law on breach of confidence (post-Campbell v MGN).

Yesterday, the LGG/11KBW legal update conference took place, with about 115 delegates.  Karen Steyn gave a paper on recent case-law affecting local authorities; the first section is about information law.  I gave a paper about employment vetting.  In discussion, delegates were clearly very interested in getting to grips with the new ISA barring regime.  Questions were raised about its implications for elected members of local authorities, and for volunteers (e.g. parents helping out in schools).  

Another subject  raised in discussion was the recent decision of the Administrative Court in R(G) v Governors of X School and Y City Council.  A music assistant employed at a primary school was dismissed; the allegation was that he had formed an inappropriate relationship with a 15 year old boy who was on work experience at the school.  The school’s disciplinary committee told the employee that they would be reporting the case to the Secretary of State for potential inclusion in “list 99” (i.e. the statutory list of those banned from working in schools).  The Court quashed the decision because the school had refused to allow legal representation at the dismissal hearing or at a forthcoming appeal.  The disciplinary proceedings, and the referral to the Secretary of State for a potential banning direction, formed part of one and the same proceedings.  Those proceedings were not criminal in nature for the purpose of article 6 of the Convention.  However, their potential consequences were grave; and procedural fairness required the claimant to be allowed legal representation, before both the school’s disciplinary committee and its appeal committee.