Enforced Access Request prohibition comes into force on 10 March 2015
10 Mar 2015 12:00 am by Mark Dunn
This blog first appeared on CorderyCompliance.com and was written André Bywater (+44 20 7075 1785, firstname.lastname@example.org). André is a lawyer with Cordery in London where his focus is on compliance issues.
From 10 March 2015 businesses will be banned from forcing individuals to request the disclosure of their personal information by third parties and requiring those individuals to share that information with those businesses.
Recent UK legislation has brought into force section 56 of the Data Protection Act 1998 (DPA) which makes it a criminal offence for someone (let's call them Person A) from requiring someone else, (Person B) or a third party, (Person C), to provide Person A with information obtained by means of a subject access request made under section 7 of the DPA.
The prohibition applies in a number of prescribed circumstances, most notably where Person B is trying to get a job with Person A and Person A wishes to know if Person B has any previous spent or unspent criminal convictions or not.
For more details about this issue, including on how employers can best vet prospective employees and comply with data protection requirements, please refer to here and here where we have previously reported about this important legal development.
Cordery is a trading name of Cordery Compliance Limited which is authorised and regulated by the Solicitors Regulation Authority; SRA number 608187. Cordery Compliance Limited is a separate legal entity to Reed Elsevier (UK) Limited trading as LexisNexis.