Practical guidance – Police records and enforced subject access requests

Aim of this guidance

This guidance is primarily designed for employers, as that is where the majority of examples of ‘enforced subject access’ take place. However, this guidance, and the offence of ‘enforced subject access’, applies to any individual or organisation. That means it also applies to organisations such as volunteer recruiters, insurers, colleges, universities and housing associations.

Why this is important

This guidance explains a process known as ‘enforced subject access’. This became a criminal offence on the 10th March 2015. This guide focuses on what you as an employer should do if you currently use or carry out subject access requests. The guide does not go into detail about how the legislation works, as this is covered in guidance by the Information Commissioners Office (ICO).

An enforced subject access request reveals more details than what an individual would have to disclose. For example, the information might include spent convictions under the Rehabilitation of Offenders Act, or minor cautions that would no longer be disclosed on an enhanced check. Both the ICO and the Disclosure and Barring Service have expressed concern that enforced subject access requests are an abuse of an individuals’ rights and undermine public policies.

In short, police records should not be used as part of ordinary recruitment practices.

What is ‘enforced subject access’?

This is the practice where you require an individual to obtain a copy of their police record, for example, as part of an application process for a job. For some employers, this has been a condition of employment.

As you will see in the example below, a subject access displays significantly more personal information than what you are legally entitled to be in possession of.

sar

What you need to do

You should check the policies and practices that you have in place. If you use ‘enforced subject access’ as a way of obtaining criminal record information, you should stop this practice immediately, otherwise you risk committing a criminal offence which carries an unlimited fine. You should consult the ICO guidance and ensure that your policies do not breach section 56 of the Data Protection Act 1998.  The ICO has indicated that it intends to prosecute those who continue to make enforced subject access requests.

What types of checks can be done

Depending on the nature of the work involved, there may be alternative practices available to you. For example, if you recruit employees or volunteers, you may look at using an official criminal record check towards the end of your recruitment process. Depending on the situation, this may be a basic, standard or enhanced level check.

Useful resources

We have worked with the ICO, who have produced their own guidance on enforced subject access requests. They are the body that is responsible for taking action against those suspected of breaching section 56. You can download their guidance here.

The ICO have also shared a webinar that the ICO held on the 18th November 2014 – this is available to watch below:

Good practice tips

  • Do not ask individuals to obtain a copy of their police record as part of your recruitment process
  • If your recruitment process involves a formal criminal record check, be clear with the applicant whether it’s a basic, standard or enhanced level check.

 

Frequently asked questions

No. Section 56 of the Data Protection Act makes ‘enforced subject access’ a criminal offence. It does not mean that employers cannot check criminal records through official channels. It simply closes a route that some employers (and others) exploited as a way of finding out criminal records, often revealing significantly more information than what they were entitled to
The sharing of police records is not, per se, illegal. However, the offence of ‘enforced subject access’ covers situations where you give individuals ‘the option’, as this can still be construed as ‘enforced’. Plus, there would be additional data protection issues with using or storing any of the information that is revealed on a police record. 

This section will be added to over time, responding to the common questions we receive about this guidance.

More information

  1. There is more information about checking criminal records here
  2. For further advice about this guidance, please contact us.

Has this been useful?

Let us know if this guidance has been useful. Have you used it in your organisation? Has it helped you to change your policy or practice? Please let us know so that we can show the impact of this guidance and continue to help others.

You can let us know by:

  1. Writing a comment on this page (see below)
  2. Sending your feedback directly to us
  3. Emailing us at recruit@unlock.org.uk

 

This guidance was last updated in November 2015

Is there anything wrong with this guidance? Let us know – email recruit@unlock.org.uk

Print Friendly, PDF & Email