ICO’S SURVEILLANCE REPORT 2010: ‘SLEEPWALKING’ RISK REMAINS; ‘PRIVACY IMPACT ASSESSMENTS’ PROPOSED FOR NEW LEGISLATION

The Information Commissioner has delivered his latest report to the Home Affairs Select Committee on “the state of surveillance” in the UK. The report traces privacy-related developments since the Commissioner’s 2006 report on the same theme, which memorably observed that the UK may be “sleepwalking into a surveillance society”. According to the November 2010 report, that warning

 “… is no less cogent in 2010 than it was several years ago. It is not being suggested that the UK is a ‘police state’ or that there are surveillance conspiracies afoot against the public. Neither the 2006 report nor this one supports such an assumption, and evidence for it is lacking. Much of what is taken to be surveillance is done for benign reasons and has beneficial effects on individuals and society. But much surveillance also goes beyond the limits of what is tolerable in a society based on the rule of law and human rights, one of which is the right to privacy.”

The report provides an illuminating summary of trends in (amongst others) the use of CCTV, body scanning and border control (including ‘ethnic targeting’ for security searches), workplace monitoring, social networking, ‘crowdsourcing’, the monitoring of protest activities and even the use of unmanned drones. Scrutiny is also given to a number of governmental policy tools, such as databases and the use of ‘social sorting’ (e.g. into groups such as ‘high cost, high risk’ social groups who are vulnerable to social exclusion) to develop targeted welfare strategies.

As regards private-sector online commerce, the Commissioner recommends a number of measures to correct what he describes as the “worrying trend particularly with those who provide on-line services not to have thought through the privacy implications of their activities and given users robust privacy settings as a default”.

What to do about the risks identified in the report? The ICO’s recommendations focus principally on overhauling the legislative process insofar as it affects privacy, by introducing: 

  • a requirement for a privacy impact assessment to be presented during the parliamentary process where legislative measures have a particular impact on privacy;
  • an opportunity for the Information Commissioner to provide a reasoned opinion to Parliament on measures that engage concerns within his areas of competence, and
  • a legal requirement to make sure all new laws that engage significant privacy concerns undergo post-legislative scrutiny to ensure they are being implemented and used as intended by Parliament.

If implemented, these measures would add substantially to the ICO’s clout as the guardian of privacy.

The report can be found here, with the accompanying press release from the ICO here.

VETTING SCHEME HALTED

According to a report on the BBC website this morning, implementation of the Safeguarding Vulnerable Groups Act 2006 is to be put on hold.  The Act introduces a requirement that a wide range of individuals working with children or vulnerable adults must register with the Independent Safeguarding Authority (ISA).  Registration was set to begin on 26th July, and was intended eventually to cover some 9 million people.  However, today the Government will announce that registration will be halted, pending a review of the 2006 Act, which is expected to lead to a scaling-back of the scheme.

The ISA will continue to be responsible for operating the two barring lists set up under the 2006 Act, which prohibit listed individuals from working with children and with vulnerable adults respectively.  And the provisions for standard and enhanced CRB checks (under Part V of the Police Act 1997) will continue to operate as before.

 

Panopticon Feedback

One of our readers raised a question arising out of the previous post on employment blacklists. 

According to this report on the BBC website, Steve Acheson (who was on the blacklist) was the subject of an unsuccessful attempt by his former employer to obtain an injunction to prevent him from protesting against his dismissal.  Apparently the application was made under anti-terrorism legislation.  Our reader asks if we can throw any light on the legal basis for the application.

Unfortunately the answer is no; it appears that there is no report of the case online in any of the usual places.  The best I can find is this item from the website of Mr. Acheson’s solicitors.

We haven’t enabled the comments function on the blog.  But you are very welcome to send any feedback to Lucy.Miller@11kbw.com.  We are always delighted to see that people are reading and responding.

Employment vetting in the news

There’s an employment law supplement in the latest Legal Week, and I have an article about employment vetting. 

At the end of the article there’s a short discussion of something I’ve written about previously on this blog: the amount of personal information that’s now put on the internet, and its implications for recruitment. Looking at the way the article is presented, it’s clear that the editorial team thought that this was the interesting bit of the article.

I’ll be speaking about employment vetting again next week, at the Local Government Group conference on 29th April.   This event is a wide-ranging legal update for local authority lawyers – it’s a joint event between LGG and 11KBW.  If you’re coming to the conference, do come and introduce yourself and let me know what you think of the blog.

A suitable case for recruitment

Information law overlaps with employment law in two main ways: in relation to employment vetting and employment monitoring. Broadly speaking, vetting is about the enquiries that an employer can make before recruitment, and monitoring is about checking on the performance and behavior of existing employees.

 
The legal framework for employment vetting is changing radically, as the Safeguarding Vulnerable Groups Act 2006 is brought into force. The Act implements the Bichard Report, which followed an inquiry into the notorious 2002 Soham murders. It establishes a new vetting and barring scheme for those working with children or vulnerable adults, to be operated by a statutory body called the Independent Safeguarding Authority (ISA).

 
With effect from 20th January 2009, the ISA was given responsibility for decision-making under the 3 existing employment barring lists: the education list (popularly known as “List 99”), the PoCA list (for those working with children) and the PoVA list (for those working with vulnerable adults). As from 12th October 2009 these 3 lists will be replaced by two new lists introduced by section 2 of the 2006 Act and maintained by the ISA: the children’s barred list and the adults’ barred list. Employers, social services and professional regulators will have a duty to share information with the ISA. From July 2010, new entrants to roles working with vulnerable groups and those switching jobs within the sector will be able to register with the ISA, and employers will be able to check registration status online. The legal requirement for new entrants and those moving jobs to register with the ISA, and for employers to check on their status, will come into force by November 2010. The intention is to bring the whole of the existing workforce into the scheme by 2015.

 
I will be delivering a paper about employment vetting at the Local Government Group conference on 29th April, and the paper will be available on 11KBW’s website after the conference.  For consideration of whether the existing PoVA list is compatible with articles 6 and 8 of the European Convention on Human Rights, see R (ota Wright) v Secretary of State [2009] UKHL 3.  For the timetable for implementing the 2006 Act, see here and here.

Facebook at work

I’m a great admirer of Pinsent Masons’ “Out-Law” website.  It’s a fascinating source of information law material.

Today, there’s an opinion piece about the use of social networking sites by employees.  It argues that in some circumstances employers are entitled to control the use that employees make of sites such as Facebook, even outside working hours.    There is a risk of reputational damage:  for instance, a newspaper that aims for politically impartial journalism could be damaged if its writers reveal their own personal political views online.

Personal use of the internet during working time is a legitimate concern to employers – just as they may rightly be concerned about the use of the phone system for long private calls.  But what about curtailing employees’ freedom of expression and social interaction in their own time?  It is suggested that any employer who went down this route would need both a very strong justification, and a tightly-drawn policy that was clearly communicated to their employees.

In considering any specific case, careful consideration would need to be given by employers to how widely any objectionable material posted by an employee could be viewed – was it visible to a small group of friends, for instance, or to a network of millions of people?

There’s a much broader issue here.   Social networking is very widespread indeed among today’s student generation.  When they begin their working lives, will they find that their online activity impedes their search for a job?  Or that it comes back to haunt them later in their working lives? 

The reference for the opinion piece discussed above is at:

https://www.out-law.com//default.aspx?page=9738

For discussion of the issues that arise when an employer considers that an employee’s online activities are damaging to its reputation, see Pay v Lancashire Probation Service, available online at:

https://www.employmentappeals.gov.uk/Public/Upload/EAT1224021192003.doc