Saturday, 7 March 2009

Data Overload - need Protection...

Who's got your data on their computer?

Do you know? Probably more people than you might imagine - school, doctors, hospitals, supermarkets, the tax people, the police (perhaps...), anyone you ever registered with online or filled out a paper form for. The list could be, and probably is, endless.

But do you know what they do with your data? Or, rather, what they're allowed to do with your data?

There are rules - the good old Data Protection Act of course.

But does every company or organisation play within the rules?

Seems not.

Building Data Regulations:

Consulting Association, a company based in Droitwich (that's near Birmingham, sort of) certainly don't seem to have done so.

They hold data on people who work in the building industry. Big companies - Balfour Beatty for example - would go to them to find out about people they might employ. I suppose that might be quite useful: a company who can tell you what qualifications your future employee might have or what their experience is for example.

But, you see, amongst other things the firm would warn employers about possible "trouble makers".

You know, union organisers.
Following a raid ... investigators discovered that the Consulting Association's database contained the details of some 3,213 workers, the ICO said.

Employers paid £3,000 as an annual fee, and £2.20 for individual details, the ICO said. Invoices to construction firms for up to £7,500 were also seized during the raid.

From Firms in data row deny wrongdoing - BBC News report 6/3/09
Now, I didn't know being in a union or being an organiser was an offence. I thought it was just common sense - I've been a union organiser in my time. It means I might be prepared to stick up for myself in an argument with an employer. I might know about the rules and regulations surrounding things like over time or health and safety.

This is common sense - but it seems that, surprise surprise, the big firms don't like dealing with "union organisers". People who know their rights.

Or, it seems, people who might raise concerns about health and safety matters. You know, on building sites. Like, that isn't important or anything is it? Or about asbestos. The stuff that can kill you if you breath enough of it in: not straight away (like falling from scaffolding that's not been properly put up...) but in years after horrible pain.

You know, you wouldn't want to actually employ someone who'd made a fuss about any of that sort of stuff. Would you?

That stinks. Workers have a right and, to me, a duty to protect themselves. No wonder the Information Commissioner says that the public need to assert their data right.

Data Protection to the rescue:
Fortunately this has all come out into the open. And, even more fortunately, it seems that Consulting Association has fallen foul of the good old Data Protection Act this time.

You see, they didn't register with the Information Commissioner. They didn't stick to the rules. The company that noted that one of the people on its database was a problem because he was "Irish ex-Army, bad egg" didn't cover one of the most basic steps that anyone holding data about anyone else needs to do.


No comments: