Practical guidance – Police records and enforced subject access requests

Aim of this guidance

This guidance is designed primarily for employers, as recruitment is where most ‘enforced subject access’ happens. However, this guidance, and the offence of ‘enforced subject access’, applies to any individual or organisation, including volunteer recruiters, insurers, colleges, universities and housing associations.

Why this is important?

This guidance explains a process known as ‘enforced subject access’. This became a criminal offence on the 10th March 2015. This guide focuses on what you as an employer should do if you currently use or carry out subject access requests.

An enforced subject access request reveals more details than an individual would have to disclose. For example, the information might include spent convictions under the Rehabilitation of Offenders Act, or cautions that would no longer be disclosed on an enhanced check. Both the ICO and the Disclosure and Barring Service expressed concern that enforced subject access requests are an abuse of an individuals’ rights and undermine public policies.

In short, police records should not be used as part of ordinary recruitment practices.

What is ‘enforced subject access’?

This is the practice where you require an individual to obtain a copy of their police record, for example, as part of an application process for a job. For some employers, this has been a condition of employment.

As you will see in the example below, a subject access displays significantly more personal information than what you are legally entitled to be in possession of.

sar

What you need to do

You should check the policies and practices that you have in place. If you use ‘enforced subject access’ as a way of obtaining criminal record information, you should stop this practice immediately, otherwise you risk committing a criminal offence which carries an unlimited fine. You should ensure that your policies do not breach section 184 of the Data Protection Act 2018 (previously section 56 of the Data Protection Act 1998). The ICO has indicated that it intends to prosecute those who continue to make enforced subject access requests.

Types of checks you can do

Depending on the nature of the work involved, there may be alternative practices available to you. For example, if you recruit employees or volunteers, you may look at using an official criminal record check towards the end of your recruitment process. Depending on the situation, this may be a basic, standard or enhanced level check.

Good practice tips

  • Do not ask individuals to obtain a copy of their police record as part of your recruitment process
  • If your recruitment process involves a formal criminal record check, be clear with the applicant whether it’s a basic, standard or enhanced level check.

Frequently asked questions

+-Does this mean I can't ask about criminal records?
No. Employers can still check criminal records through official channels. This change prevents employers exploiting subject access requests and accessing more information than they are entitled to.
+-What if an individual chooses to show me their police record?
The sharing of police records is not illegal. However, the offence of ‘enforced subject access’ includes situations where you request individuals to provide it, as this can be construed as ‘enforced’. There would be additional data protection issues with using or storing any information revealed on a police record. 

 

This guidance was updated in June 2018
Print Friendly, PDF & Email