The Importance Of DBS Data Confidentiality
Data protection laws are in place in the UK to protect individuals and businesses from privacy breaches and dishonest use. The data protection laws offer legal protections that ensure that personal data is securely kept and not misused.
Data confidentiality is very important when it comes to criminal records. Individuals have a right to keep details of any convictions private from others, apart from those who have been given express permission to view them or have the authority to do so.
Why maintain data confidentiality?
Apart from the legal implications of not keeping data private, there are good practical and business reasons to keep data confidential. Confidentiality and data privacy of DBS data help to build trust between a business and its employees.
If you are an organisation or business that requests DBS Checks from job applicants and existing employees, then you need to make sure that you keep the data confidential. DBS data is criminal record data, which is considered to be sensitive information. In other words, it is information that the individual may not want anybody else to know about.
When it comes to the legal implications, there are severe penalties for any business that does not keep tight control of data privacy. In the UK, data protection law follows the European legislation known as the General Data Protection Regulation (GDPR).
The GDPR rules state that the responsibility of data protection and privacy lies with the business or organisation that holds the data. The rules state that all personal data must be:
- Used only for agreed and legitimate reasons and purposes
- Used in a lawful manner and in a way that isn’t unfair to the individual
- Limited to relevant information only
- Stored for no longer than is absolutely necessary
- Processed in a secure way
- Accurate and unbiased.
Any business or organisation that doesn’t comply with GDPR rules can face hefty fines of up to 20 million Euros or the equivalent of 4% of the business’s annual turnover.
DBS code of practice
In addition to the GDPR rules, the Disclosure and Barring Service has its own set of data protection rules in place, known as the DBS Code of Practice.
The DBS Code of Practice is published under section 122 of the Police Act 1997 and it makes sure that criminal record details are stored and used properly and fairly. Any individual that receives data related to DBS checks must stick to the guidance.
Any DBS registered body or umbrella body must have a written policy in place that covers the protection of DBS data.
The DBS data policy needs to ensure that the business or organisation:
- Stores DBS data in a secure fashion
- Complies with the DBS code of practice and GDPR
- Shares the data with authorised people only
- Uses the data for the intended purpose only
- Keeps the DBS data for only as long as needed (usually with a set timeframe of 6 months)
- Disposes of data securely once finished with.
The CQC and Ofsted also have their own rules regarding the use of personal data and businesses and organisations need to verify that they comply with these too.
Summary of DBS data confidentiality
DBS Checks provide individuals and employers with criminal record data, which is highly personal and sensitive. Therefore, businesses and organisations must keep the data carefully protected.
In the UK, GDPR rules and the DBS code of practice set out guidelines to make sure that businesses keep DBS data private and secure, as well as using it fairly.
If you have any questions about keeping DBS data secure or regarding the DBS code of practice, then get in touch.