Friday, 6 March 2009

Massive under-reaction to hideous data breach and blacklisting

I have to say, I was really quite appalled to read this article ostensibly about a breach of the data protection act.

It did hear something about it on Today in my semi-conscious morning state. It seemed to be a report about not much then (but still bad), just some company selling on people's details when they shouldn't (maybe I wasn't listening hard enough).

On reading the article, when awake, the gravity of the situation struck me (and the massive under-reaction of the authorities).

For the last 15 years, a company has been running a secret system allowing construction companies to allegedly unlawfully* vet workers for positions.

Firms would sent list of potential employees to this company and they would get back comments on them detailing things such as (legal) union activity or anything that a employer would consider "trouble". One worker said no-one would employ him after he won an a case for unfair dismissal.

The reaction from the authorities has been pitiful. The Deputy Information Commissioner said:

"the company should have registered itself with the ICO".
Oooh!

He was "deeply disappointed" that household names (i.e. Balfour Beatty) had been involved
Yeah you tell 'em!

"You would have thought they would have got the data protection message by now".
Let em have it!


Er, hello! There weren't just a bit forgetful or a little naughty. They were being criminal!!!!!!
Oh dear, are the nasty big companies not taking the message seriously? Maybe I should use that excuse when I commit a crime so I just get a disappointed look instead of a sentence!

You may wonder why private companies take so little notice of the law on this and think there won't be any consequences, oh wait, I may have found an answer:

The owner of this SURELY CRIMINAL* (surely this must be illegal on other levels too?) company "faces prosecution and a £5,000 fine if found guilty of breaching the Data Protection Act."

Ooohh!! That'll learn him! Considering they got more than that from one company that used them it's not exactly a deterrent.

And the government want to use private companies to run their snooping database and probably to manage your health records too. But it's okay, they take data protection very seriously. Yeah right!

Am I over-reacting or does anyone else think this is really serious? Workers' lives have been destroyed here. People should be going to jail for this both at the company running the list and at the companies who use them but no doubt they will get a slap on the wrist (if that) and then more lucrative government contracts...

*UPDATE: Blimey, according to this article in the Guardian (who actually got the scoop on this):

"The Labour government has been criticised for passing a law banning the practice of so-called blacklists in 1999, but then, in a U-turn, deciding not to take the final step of implementing the law on the grounds that "there was no hard evidence that blacklisting was occurring". Technically, therefore, "blacklisting" is still legal."

So, whilst blacklisting like this offends all sense of fairness and clearly should be illegal, it isn't because of the lily-livered Labour Government!

UPDATE 2: Forgot my favorite bit, the information commissioner is going to send a "legal note" to the companies that used this service telling them not to do it again!

No comments: