Slashdot Mirror

← Back to Stories (view on slashdot.org)

UK Company Sold Workers' Secret Data

Posted by kdawson on from the art-of-the-blacklist dept.

krou writes "The BBC is reporting that the Information Commissioner's Office has shut down a company in the UK for a serious breach of the Data Protection Act. It claims that the company, The Consulting Association in Droitwich, Worcs, ran a secret system that it repeatedly denied existed for 15 years, selling workers' confidential data, including union activities, to building firms, allowing potential employers to unlawfully vet job applicants. About 3,213 workers were in the database, and other information included data on personal relationships, political affiliations, and employment histories. More than 40 firms are believed to have used the service, paying a £3,000 annual fee, and each of them will be investigated, too." The article says that The Consulting Association faces a £5,000 fine — after pulling in £1.8 million over 15 years with its illegal blacklist.

31 of 122 comments (clear)

  1. 5k fine, 1.8M in profits by KiloByte · · Score: 5, Insightful

    It's kind of hard to say "continue, please" louder than by slapping such an enormous fine.

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    1. Re:5k fine, 1.8M in profits by Anonymous Coward · · Score: 3, Informative

      Actually, it can get a lot worse for them, they can be forced to stop all data exports for a long investigation time. I was on a project receiving data for a rather large global company (who is making the news quite regularly these days) from all European markets as part of a pan Europe system. The data itself was nothing special, the company owned it in each market and was merely transferring it around within, yet one country data protection overlords somehow found protocol wasn't precisely being followed. I never found out exactly what was wrong, but that country's data wasn't able to be used for almost two years.

    2. Re:5k fine, 1.8M in profits by Shakrai · · Score: 4, Insightful

      It's kind of hard to say "continue, please" louder than by slapping such an enormous fine.

      What are the odds of the employers who illegally used said database being fined or punished in some way? Punish the people who used the database and you'll find that the next time someone offers up illegal information for sale they'll have a much harder time finding customers.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    3. Re:5k fine, 1.8M in profits by QuantumRiff · · Score: 2

      I'm sure the lawsuits by the people on the list who have been denied employment because of it, will be much more helpful in making sure companies don't want to go this route again.

      --

      What are we going to do tonight Brain?
    4. Re:5k fine, 1.8M in profits by u38cg · · Score: 2, Interesting
      I think the fine is a legal maximum; when the law was written it was never envisaged that a company would be abusing data in this way.

      Am I right in thinking that a company doing this would, in general, be entirely legal in the US?

      --
      [FUCK BETA]
    5. Re:5k fine, 1.8M in profits by Tony+Hoyle · · Score: 5, Informative

      The company has been shut down. Its owner faces prosecution *and* a £5000 fine (and for a case like this they will go for the maximum penalties).

      Also all its customers are now under investigation and also face possible prosecution.

      Also both the original company *and* its customers are wide open for legal action against them if they denied anyone a job because of this data.

      That's a pretty fucking heavy disincentive for anyone doing it again.

    6. Re:5k fine, 1.8M in profits by Hatta · · Score: 4, Insightful

      Let us know when it actually happens.

      --
      Give me Classic Slashdot or give me death!
    7. Re:5k fine, 1.8M in profits by Captain+Hook · · Score: 3, Informative

      those 3,213 employees are the ones who are blacklisted, that doesn't mean the employers are only checking 3213 potential employees.

      and before anyone says those 3213 employees had it coming for being trouble makers - http://news.bbc.co.uk/1/hi/uk/7928331.stm

      --
      These comments are my personal opinions and do not necessarily reflect the opinions of the other voices in my head.
  2. much bigger damage to society by pmarini · · Score: 5, Insightful

    surely the damage done over 15 years to the families of those not employed because of this illegal practice is much bigger than £1.8mln...

    --
    Can I put a spell on those who can't spell?
    Your wheels are loose and they're losing their grip, good you're there.
    1. Re:much bigger damage to society by filekutter · · Score: 2, Insightful

      I agree with you totally pmarini. Unfortunately this is just the proverbial iceberg tip, with much more still hidden. These are corporations whose activities the last few decades since Reagan have centered on removal of restrictions, merging of interests with national law, and abolition through demonization of unions.

      --
      I call computer-illiteracy job security
    2. Re:much bigger damage to society by Anonymous Coward · · Score: 2, Interesting

      A few key details were left out of the article.

      1.) Did the workers agree to background checks?
      2.) Was the information provided false?

      If no to #1 or yes to #2, they have grounds to sue the company individually. The fine is only from the government. This happens every day in the US, but you don't hear much uproar.

    3. Re:much bigger damage to society by dkleinsc · · Score: 3, Insightful

      Even if they agreed to a background check, they probably didn't agree to be checked for activities that aren't in any way illegal or reflecting on job performance, such as (FTFA) "ex-shop steward" or "Irish ex-Army".

      --
      I am officially gone from /. Long live http://www.soylentnews.com/
  3. This is an old, old blacklist by ab8ten · · Score: 5, Insightful

    This blacklist was specifically for the construction industry - for those who haven't RTFA. The terrible thing is that this list, and its sale for money, has been around for years and years. It's the industry's dirty little secret. It's only now they've computerised the records that they can use the Data Protection Act to prosecute. Sadly, I have no doubt that the information will live on somehow. All the major players have fingers in the pie and won't give it up, I think.

    --
    I have no .sig
    1. Re:This is an old, old blacklist by pjt33 · · Score: 5, Informative

      It's only now they've computerised the records that they can use the Data Protection Act to prosecute.

      That's not true. The DPA covers "information which ... (c) is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system", where "relevant filing system" is defined as "any set of information relating to individuals to the extent that, although the information is not processed by means of equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular individual is readily accessible."

    2. Re:This is an old, old blacklist by cbiltcliffe · · Score: 2, Insightful

      ....please get your facts straight

      Facts? We don't need facts. This is the Internet!

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
  4. Tortuous? by DoofusOfDeath · · Score: 2, Interesting

    The article says that The Consulting Association faces a £5,000 fine â" after pulling in £1.8 million over 15 years with its illegal blacklist.

    Are they also open to civil lawsuits from affected employees?

    1. Re:Tortuous? by krou · · Score: 2, Interesting

      Yeah, not going to be too easy, but at least they're taking it seriously and offering help. According to news on the ICO's website, "From 16 March the ICO will operate a dedicated enquiry system for people who believe personal information about them may be held on the database. Members of the public are advised not to contact the ICO until 16 March."

      --
      'If Christ had tweeted the sermon on the mount, it might have lasted until nightfall.' - John Perry Barlow
  5. "political affiliations" by krou · · Score: 3, Informative

    Just to point out that the original BBC article (when I submitted the story to /.) had a quote from the notes in the illegal database stating that someone was a member of the Communist Party, hence why I mentioned it contained political affiliations. Not sure why the BBC removed this, but just thought I'd mention it in case someone wonders why.

    --
    'If Christ had tweeted the sermon on the mount, it might have lasted until nightfall.' - John Perry Barlow
  6. 4. ????? by Ogive17 · · Score: 3, Funny

    Finally we figure out the 4. ????? before 5. Profit!

    --
    "Action without philosophy is a lethal weapon; philosophy without action is worthless."
  7. British Paranoia at its finest! by ringbarer · · Score: 5, Insightful

    Let me get this right:

    British Employers are paranoid that potential employees are Communists or worse. They subscribe to a secret blacklist that potentials have no knowledge of or ability to refute allegations. Anyone blacklisted will not be employed, but the work still needs to be done.

    So they draft in cheap labor from countries that didn't even exist twenty years ago. As these migrant workers aren't on the blacklist, they get cherry picked for work that local labor should have the same rights to apply for. The end result being the rise of local unemployment through no fault of the workers.

    No wonder their economy is fucked.

    --
    "Why did they cancel my favorite Sci-Fi show? I downloaded ALL the episodes!"
    1. Re:British Paranoia at its finest! by Zaiff+Urgulbunger · · Score: 2, Funny

      Christ knows why this got -1, I'd mod you up if I got the chance.

      Because "ringbarer" is on the secret /. mods Neg-list(TM)? ;)

  8. Re:I'm confused by jandersen · · Score: 2, Insightful

    Does your government sell information about your political activities etc to a cabal of semi-criminals? No? Well, there you have your answer, then.

    Just because you have an ingrown bias that tells that "Everthing the government does is evil, and everything a private business does is sort of OK, even if it is criminal" doesn't mean that it makes sense. You would probably benefit from taking off your blinkers once in a while.

  9. Re:Put on your Republican/Tory shoes for a second by Ninnle+Labs,+LLC · · Score: 2, Informative

    You mean other than the fact that blacklists like that database are illegal?

  10. Inaccurate summary by Apatharch · · Score: 5, Informative

    ...what a surprise.

    The article does not say that the company is being fined £5000; it's the owner himself who faces prosecution, and hence a criminal record.

    1. Re:Inaccurate summary by fuzzyfuzzyfungus · · Score: 2, Funny

      Perhaps we could put the owner on some sort of blacklist...

  11. Re:sounds like the work of a genius by Cally · · Score: 4, Interesting

    That's the infuriating aspect of this for some of us in the infosec world. This wasn't "selling private data", it was a good old-fashioned blacklist of "troublesome" employees who did annoying things like joining unions, complaining about health and safety violations (construction's very dangerous in the UK, I think it's ~100 deaths a year, and you can work out the ratio of deaths to maimings and career-ending injuries.) What they did was vile and evil, and the companies (huge mainstream FTSE-listed corporations, mostly) should be taken to the fucking cleaners as a clear sign that this sort of thing is illegal for good reasons, and will not be tolerated. However it's got FA to do with "leaking of personal data"; the headlines here, on the Beeb and even El Reg have been totally misleading.

    --
    "None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
  12. Re:I'm confused by cbiltcliffe · · Score: 4, Insightful

    Governments can be held accountable for their actions.

    Really? What country do you live in? I'd like to move there.

    --
    "City hall" in German is "Rathaus" Kinda explains a few things......
  13. solution: by Anonymous+Admin · · Score: 3, Insightful

    Charge them with 3213 instances and fine them per instance. The profit disappears and so does the motivation.

  14. Re:sounds like the work of a genius by prefect42 · · Score: 2, Informative

    Cut out the 'in the UK bit'. A quick google gives me outdated figures for 2005/6:

    UK: 59
    US: 5702

    --

    jh

  15. Re:sounds like the work of a genius by prefect42 · · Score: 2, Insightful

    A more correct google gives:

    UK: 59
    US: 1186

    --

    jh

  16. Re:sounds like the work of a genius by fuzzyfuzzyfungus · · Score: 3, Insightful

    Highly variable, I suspect.

    Illiterate undocumented immigrant getting paid 80 pence an hour to carry a hod? Probably not.

    Skilled tradesman who happens to have political opinions pinker than his boss would like? Quite possibly(especially the web stuff).

    Access to legal options, unfortunately, is very much a game for the wealthy; but the interwebs are pretty far downmarket these days.