Yes - Although I would have thought there was limited value in
referencing a ranting email unless it was as raw material. Properly
referenced works in the areas concerned are likely to carry more
weight.
Also, counter viewpoints to most of the points I raised exist
in the Social Justice and Justice in the community literature. The
apparent silence from that sphere was a surprise, perhaps the email
frightened them, or maybe a general consensus on the group is that data
protection does not belong in those areas. Whatever the reasons, any
case would be seriously weakened if it did not also include other
perspectives.
Ian W
-----Original Message-----
From: This list is for
those interested in Data Protection issues [mailto:data-
[log in to unmask]] On Behalf Of Chris Brogan
Sent: 30 November
2010 14:21
To: [log in to unmask]
Subject: Re: [data-
protection] Pre-Employment Screening
Ian, many thanks may I reference
you to the BSI group?
Chris Brogan MA LLM FSyI
Managing Director
Security International Ltd
130 St Johns Road, Isleworth, Middlesex TW7
6PL, UK
Tel: +44 20 8847 2111 Fax: +44 20 8847 1852
Registered in
England & Wales No. 1322074
Registered Office: 11 Loveday Road, London
W13 9JT www.securitysi.com
Please visit my blog
https://chrisbroganassociates.wordpress.com/-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Ian Welton
Sent:
30 November 2010 14:15
To: [log in to unmask]
Subject: Re:
Pre-Employment Screening
Firstly I am and remain implacably opposed to
many of the vetting
methods used, especially enforced subject access,
which although I
understand some of the reasons for, disagree with
intensely because it
completely undermines the general socially
accepted bases for a
justice/punishment system (opinion confirmed by
most documented
jurisprudential views) to the long term detriment of
society, and makes
a great many people relax their own interpersonal
skills (I agree those
are more difficult to document/justify in a
balanced way without
prejudice). This aspect becomes even more
difficult across
international boundaries where different cultural
norms exist and
employees of one organisation may need to accommodate
the differing
requirements for the same people working across
international
boundaries. (My bias)
The wide trawling of the internet
for material
to profile individuals seems to have a not dissimilar
effect across
other areas of society, and whilst I disagree with that
as well, I
perceive no answer there other than individuals protecting
themselves
appropriately (as organisations try to do) from the time
they first
start using technology which tracks them or is searchable
by reference
to them in some way. Clearly, although a balance is not
easy, data
protection has and continues to completely fail people in
that respect.
Whilst the needs of organisations are understandable the
question to me
seems to be:- society will adjust to cater for
organisations, but how
far should it go in facilitating the control of
the constituent
individuals, for that, at that level and in that
context, is what
privacy factors are used for.
When I voiced
disagreement with setting
up the original CRB, because I perceived
that it would actually promote
more vetting, and eventually the
'official certification' of workers by
the state, (I would guess the
Basic Criminal Record Check certificate
is now widely used as a
validation document in many employment files)
there was considerable
pressure applied to silence my criticism; That
clearly indicated to me
the people supporting those mechanisms are not
open to different
viewpoints and hence require a positive supportive
approach to be
applied (something I see as a political requirement
rather than a
factual one). That factor will need to be incorporated
within any BS
unless it is to be forcefully applied.
I am aware that
much of the
security sector supported the creation of the CRB and
official
certificates, even to the extent of then using them to
advertise the
integrity of the organisation. I even recall since them
occasionally
being told by door to door callers that they had been
vetted and had a
CRB certificate, so, given the police intelligence
advice that door to
door callers are always to be suspected, am not too
surprised there is
now a need for some sort of official document to
control their use as
a means of supporting perceptions of validity.
One method I always
pursued was to push for the vetting response
material not to be
retained, in line with the original agreements I
believe.
That meant
that where vetting was conclusively proven to be
necessary, somebody
at some stage during the recruitment process took
the responsibility
to sign off that the relevant checks had been made
and did not reveal
anything sufficiently detrimental to the employment
role to stop that
recruitment. (Yes, I agree, if there was the
recruitment would not
continue and so such information could inherently
be implied - but an
audit trail of responsibility is frequently seen as
needed in these
things - and then people have to keep the documents to
prove they did
the job correctly...).
Where vetting by organisations
was
legitimate, the above point of accepting responsibility was
frequently
one of the main stumbling blocks; another being the correct
interpretation of any material supplied (enhanced check material these
days). Frequently those who retained the material required it for
purposes other than the original recruitment process and so the first
hurdle was identifying what. As for the potential for moral pressure
emanating from the information obtained, that is frequently just
plainly misused in a work context, although it seems to be frequently
perceived as a method of gaining trust, which I would have thought
the
destruction and signature would engender more than retention
(unless it
was a moral blackmail as opposed to trust thing), but self
protection
and validation of decisions seemed more frequently to over-
ride those
issues, with privacy/confidentiality/data protection
sometimes being
used in an attempt to justify not revealing the
retention of that
data. Organisational cultural and environmental
issues do impinge.
I
am not aware of how the requirement of some
sectors for employees to
inform them of any activity which brings them
in contact with the
justice system so their personnel files may be
updated fits in with the
recording of historical data collected from
vetting processes today but
that could also possibly be relevant to
some of the pressures for
retention.
Within the security sector
culture, if one can conjecture,
it may well be that with the ongoing
growth of surveillance and
monitoring systems something of a change in
focus from integrity to
other personal skills more conducive of
supporting the organisations
work in that environment may occur; But
not looking at that field for
some time I do not know how far along
things have progressed.
Considering the broader aspects of
vetting/surveillance/monitoring
rather than privacy/trust issues, will
a resulting reduction in the
personal skills necessary for forming a
reasonably accurate opinion of
people, and integrity issues similar to
WikiLeaks, become more
prevelant, feeding upon increased (in)security,
weakening ethical
standards (without constant central enforcement by
monitoring) and a
set of more distinctly separate sectors of society.
If so I would
expect a burgeoning security sector!
My experiences
come from spending
some years as a police data protection officer
(retired many years ago)
so maybe other list participants have
good/bad parts of the process
from outside that security block,
indicative of customer organisational
requirements which are more up
to date or provide a different focus.
Anyway I hope that is of
assistance and that others may provide more up
to date/diifferent view
(s).
Ian W
-----Original Message-----
From:
This list is for those
interested in Data Protection issues [mailto: [log in to unmask]
AC.UK] On Behalf Of Chris Brogan
Sent: 30
November 2010 09:56
To: data-
[log in to unmask]
Subject: [data-
protection] Pre-Employment
Screening
I mentioned a couple of weeks
ago that I sit on a British
Standards Institution committee that is
reviewing a British Standard.
Security Screening of individuals
employed in a security environment-
Code of Practice. BS 7858-2006.
I have had concerns in the past
about the privacy issues raised by this
code of practice. My
contribution to the committee is to prepare a
paper that addresses
those concerns for consideration by the committee.
In brief my
concerns address; Basic Criminal Record Checks; County
Court
Judgements and Bankruptcy searches as an integrity test;
background
checks in some instances to when the applicant was 12 years
old;
keeping the results of the screening for the length of employment
+
seven years; Notifying the applicant what checks will be conducted
and
what results may debar them from being selected prior to them
providing their personal information; providing details of pending
legal cases.
I would welcome input from members of this group and
to achieve that would be happy to send you a copy of my paper for your
review. If interested please e mail me privately. If you would like to
comment please specify whether I can reference you or not.
Regards
Chris Brogan MA LLM FSyI
Managing Director
Security International
Ltd
130 St Johns Road, Isleworth, Middlesex TW7 6PL, UK
Tel: +44 20
8847 2111 Fax: +44 20 8847 1852
Registered in England & Wales No.
1322074
Registered Office: 11 Loveday Road, London W13 9JT
www.securitysi.com
Please visit my blog
https://chrisbroganassociates.wordpress.com/
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|