The story of blacklisting is a well-known one – and one that many thought was consigned to the past. But with the file reopened late last year, could there be more to come?
Many years since the initial revelations, the story of construction blacklisting continues to run and run.
In December 2016, information commissioner Elizabeth Denham reopened the blacklisting file, starting a watching brief to monitor the ongoing practices of the construction industry. And in February this year, Labour MP Chuka Umunna called on parliament to open a public inquiry into blacklisting practices in public projects, backed by Unite.
Construction companies would be wise to improve their systems to avoid a sequel to the 2009 story.
Blacklists were a secret database run by The Consulting Association that collected the names, religion, union membership, national insurance numbers and other personal information on thousands of construction workers.
Over 16 years, the names of more than 3,000 individuals were put on this list without their knowledge. Construction companies would run the names of potential employees against the list and, as a result, hundreds of workers lost their jobs and were unable to find work for years without knowing why.
The privacy of these individuals was gravely infringed, and often the information on the list was not even correct.
“In May 2016, several out-of-court settlements were reached by construction companies, who were estimated to have paid out £50m in compensation to 771 workers and £25m in legal fees”
In 2009, Ian Kerr, the man who ran the list, was prosecuted for failing to register as a data controller and 14 construction companies including Balfour Beatty and Kier were issued enforcement notices by the Information Commissioner’s Office (ICO) for violating the data protection principles dictating that personal information must be used fairly.
Lawsuits followed in the civil courts where workers and unions demanded damages for the injustices they suffered. In May 2016, several out-of-court settlements were reached by construction companies, who were estimated to have paid out £50m in compensation to 771 workers and £25m in legal fees.
The practice of blacklisting subjected thousands of workers to an unfair system of recruitment, leaving many individuals without work for years. And the companies involved in the practice not only suffered large settlement bills, but were publicly censured and suffered a blow to their reputation.
More to come?
In 2017, the story of blacklisting may seem to be on the backburner. But with the renewed call for a public inquiry and the ICO’s open file on blacklisting, there may be more to come.
If there were a second investigation into blacklisting, the ICO has greater powers this time around. For conduct taking place after 6 April 2010, the ICO now has the ability to enforce higher fines of up to £500,000.
In 2009, the ICO was only able to prosecute the party running the list, but not the companies who used the list. This was widely criticised and it is likely that this limitation could be changed. Construction companies should stay vigilant in preventing any form of blacklisting, starting with understanding the legislation.
“In 2009, the ICO was only able to prosecute the party running the list, but not the companies who used the list. This was widely criticised and it is likely that this limitation could be changed”
The Data Protection Act 1998 protects the personal information and data of individuals. Section 4 of the act outlines the data protection principles, and it is the responsibility of everyone – corporates and individuals alike – to follow them.
In summary, when using personal information one must ensure it is used fairly and lawfully, that it is for a limited and specifically stated purpose, that the use is not excessive, that it is accurate, and that it is kept safe and secure and for no longer than is necessary for the stated purpose.
If the ICO finds a contravention of these principles it has the power to issue an enforcement notice alerting that the identified conduct must cease. It is a criminal offence to fail to comply with the enforcement notice and offences are punishable by fine.
A helpful framework
To assist employers in staying within the data protection rules, the ICO published the Employment Practices Code in 2011.
Part 1 of the code outlines good practice when using personal data in the recruitment process. It states that an employer should only seek information that is relevant to the recruitment decision being made. Where it is necessary to obtain documents or information about the worker from a third party, the employer should obtain consent from the worker.
If in the process of verifying or vetting an applicant the information produces discrepancies, the applicant should be given the opportunity to make representations. Where information is received that affects the individual’s privacy, they should be made aware of this.
These are some of the many practices that construction companies should follow.
While the Data Protection Act is the definitive law on the matter, the ICO’s code can provide a helpful framework.
Gordon Anderson is partner and head of the London construction team at Irwin Mitchell