Enforced Access Request prohibition comes into force on 10 March 2015

March 10, 2015 by Mark Dunn

This blog first appeared on CorderyCompliance.com and was written André Bywater (+44 20 7075 1785andre.bywater@corderycompliance.com). André is a lawyer with Cordery in London where his focus is on compliance issues.

From 10 March 2015 businesses will be banned from forcing individuals to request the disclosure of their personal information by third parties and requiring those individuals to share that information with those businesses.

Recent UK legislation has brought into force section 56 of the Data Protection Act 1998 (DPA) which makes it a criminal offence for someone (let's call them Person A) from requiring someone else, (Person B) or a third party, (Person C), to provide Person A with information obtained by means of a subject access request made under section 7 of the DPA.

The prohibition applies in a number of prescribed circumstances, most notably where Person B is trying to get a job with Person A and Person A wishes to know if Person B has any previous spent or unspent criminal convictions or not.

For more details about this issue, including on how employers can best vet prospective employees and comply with data protection requirements, please refer to here and here where we have previously reported about this important legal development.

For more information please contact either Jonathan Armstrong, Gayle McFarlane, André Bywater, or Patrick O'Kane who are lawyers with Cordery in London where their focus is on compliance issues.

Cordery is a trading name of Cordery Compliance Limited which is authorised and regulated by the Solicitors Regulation Authority; SRA number 608187. Cordery Compliance Limited is a separate legal entity to Reed Elsevier (UK) Limited trading as LexisNexis.