Why is confidentiality important for DBS data?

Why is confidentiality important when it comes to DBS data?

All organisations have to comply with data protection laws, and there is even stronger legal protection for information relating to criminal records.

In this guide we’ll explore why confidentiality is important for DBS data, and how organisations should handle disclosure information.

Why is confidentiality important?

One of the most important elements of confidentiality is that it helps build trust between you and your employees.

As an organisation that receives DBS data, you may be handling sensitive information about people. Knowing that this information will be kept and used appropriately will give employees confidence in your organisation and its processes.

No less importantly, confidentiality is a legal requirement. Anybody responsible for using data must follow strict data protection rules. Currently, these rules are determined by the Data Protection Act (DPA). However, as of 25 May 2018, the DPA will be replaced by the Europe-wide General Data Protection Regulation (GDPR).

The GDPR comprises six data protection principles that set out the main responsibilities for organisations. In summary, these principles state that data must be:

  • Used fairly and lawfully.
  • Collected for specified, explicit and legitimate purposes.
  • Used in a way that is adequate, relevant and limited to what is necessary.
  • Accurate, and where necessary, kept up-to-date.
  • Kept for no longer than is necessary.
  • Processed in a manner that ensures appropriate security of the data.

For more detailed information on the GDPR, check out this guide from the Information Commissioner’s Office.

Organisations that don’t comply with the GDPR could face heavy fines of up to €20 million, or 4% of annual turnover. So as you can see, misuse of DBS data could potentially be costly – not to mention damaging to the person whose data has been misused.

The DBS code of practice

As well as general data protection laws, there are specific rules about how DBS data should be used.

The DBS Code of Practice, published under section 122 of the Police Act 1997, is designed to ensure that criminal record information is used fairly and appropriately. Anybody who receives standard or enhanced disclosure information must abide by the code.

The code of practice states that all registered bodies (organisations registered with the DBS, including umbrella bodies) must have a written policy on the secure handling of DBS information. They should also ensure that bodies or individuals on whose behalf they countersign applications have written policies in place.

The DBS has produced a sample policy statement for organisations to use or adapt. In summary, your policy should state that your organisation:

  • Complies fully with the DBS code of practice and data protection laws.
  • Stores DBS data securely.
  • Only passes DBS data to those who are authorised to receive it in the course of their duties.
  • Uses DBS data only for the specific purpose for which it was requested.
  • Keeps DBS data only for as long as is necessary – generally for a period of up to six months.
  • Disposes of DBS data securely after the retention period has elapsed.

The CQC and Ofsted may have additional requirements on the handling of personal data, so organisations regulated by these bodies should check with them to ensure they’re compliant.

Criminal records and recruitment

The DBS code of practice also aims to protect applicants with criminal records from discrimination as a result of irrelevant convictions.

The code states that organisations in receipt of DBS information must:

  • Have a written policy on the recruitment of ex-offenders, which should be made available to applicants on request. The DBS has produced a sample policy for organisations to use or adapt.
  • Ensure that all applicants are notified in advance of the requirement for a DBS check.
  • Notify all potential applicants of the possible effect of a criminal record history on the recruitment and selection process, and on any recruitment decision.
  • Discuss the content of the disclosure with the applicant before withdrawing an employment offer.

Why is confidentiality important for DBS data? A summary

So, why is confidentiality important when it comes to DBS data?

Confidentiality is vital for organisations that handle DBS data as it helps ensure job applicants are treated fairly and protected from discrimination, and gives employees peace of mind that their sensitive information will be used appropriately.

Organisations also have certain obligations under the DBS code of practice and data protection laws. Failure to comply with these rules could result in legislative action against the organisation.

If you’d like to know more about the DBS code of practice, please don’t hesitate to give us a call – we’re always happy to help.

Our blogs are advisory in nature and reflect M G Care Executive Limited trading as uCheck's current thinking about best and common practice in the subjects discussed.

The information contained in our blogs have been provided for information purposes only. This information does not constitute legal, professional, or commercial advice. Whilst every care has been taken to ensure that the content is up to date, useful and accurate, M G Care Executive Limited trading as uCheck gives no guarantees, undertakings, or warranties in this regard, or, for any loss or damage caused arising directly or indirectly in connection with reliance on the use of such information.