{"id":1037,"date":"2009-03-06T20:43:14","date_gmt":"2009-03-07T04:43:14","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/?p=1037"},"modified":"2009-03-06T20:43:14","modified_gmt":"2009-03-07T04:43:14","slug":"current-events-uk-company-illegally-sold-worker-data","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2009\/03\/06\/current-events-uk-company-illegally-sold-worker-data\/","title":{"rendered":"Current Events: UK Company Illegally Sold Worker Data"},"content":{"rendered":"<p>According to <a href=\"http:\/\/www.guardian.co.uk\/uk\/2009\/mar\/06\/data-protection-construction-industry\">an article at the Guardian<\/a>, dozens of companies in the UK had been buying personal information about potential employees from a company called the Consulting Association in violation of British data protection laws.\u00a0 The Data Protection Act <a href=\"http:\/\/news.bbc.co.uk\/2\/hi\/uk_news\/7927487.stm\">made it illegal to collect and distribute private information about individuals without telling them<\/a>.\u00a0 The Consulting Association aggregated information from the companies that subscribed to its services, and in return it gave them data on workers trying to get jobs.\u00a0 The files kept by the Consulting Association included data on union activity and other private details.\u00a0 Some workers in the British construction industry have claimed for years that companies have been blacklisting union activists, and <a href=\"http:\/\/news.bbc.co.uk\/2\/hi\/uk_news\/7927487.stm\">one worker<\/a> may have been blacklisted after filing an unfair dismissal case against an employer. This event represents a violation of privacy of employees, and an attempt to stifle organized labor.<\/p>\n<p><!--more--> This arrangement was motivated by economics and facilitated by technology.\u00a0 Companies can potentially arrange to pay lower wages to employees in the absence of unions.\u00a0 Blacklisting and avoiding hiring workers who might organize unions or who would take the company to court for violating labor laws would allow a company to lower its expenses.\u00a0 Databases, hardly new technology, allowed the Consulting Association to maintain easily accessible records on individuals that it could give to client companies.<\/p>\n<p>The current situation might have been prevented by more monitoring from the British government.\u00a0 According to the BBC, the Consulting Association\u2019s arrangement had been going on for the last 15 years, and there had been complaints for years in the construction industry about blacklisting, but the government hadn\u2019t discovered the problem until a short while ago.\u00a0 In addition, the Parliament had proposed but failed to pass legislation against blacklisting in particular, and that law might have been a deterrent to the practices in this incident, though, since the Data Protection Act wasn\u2019t enough, it seems doubtful that adding another law would have helped.\u00a0 Also, companies should have data management policies that do not permit giving away employee data except under special circumstances.\u00a0 This might prevent a database like the one created by Consulting Association from developing in the first place.\u00a0 But since they benefited from the arrangement that developed, the companies involved in this case might not have found such a policy to be in line with their interests and avoided having one.<\/p>\n<p>The broader issue in this incident is an individual\u2019s control about information on himself.\u00a0 Companies that collect information about people, such as companies collecting data about their employees or Internet services collecting data about their customers, can archive that data in their own databases.\u00a0 Individuals usually have little control over whether or not information about themselves is kept or removed from these databases.\u00a0 Companies controlling these databases could be tempted to use the collected information in ways that are not in the best interests of the individuals involved, such as turning over the databases to advertisers.\u00a0 In this case, one of the reasons why Consulting Association\u2019s actions were harmful was that workers had no way of finding out or refuting the assertions made about themselves in the databases.<\/p>\n<p>Hopefully, lawmakers will respond to this case by passing new laws (and actually enforcing them in a timely manner this time) protecting the privacy of individuals.\u00a0 In addition to laws against blacklisting and increasing monitoring of hiring practices, legislators should consider passing more general laws to help individuals access and remove data about themselves from databases held by others.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>According to an article at the Guardian, dozens of companies in the UK had been buying personal information about potential employees from a company called the Consulting Association in violation of British data protection laws.\u00a0 The Data Protection Act made &hellip; <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2009\/03\/06\/current-events-uk-company-illegally-sold-worker-data\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":95,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,7,9],"tags":[],"class_list":["post-1037","post","type-post","status-publish","format-standard","hentry","category-current-events","category-ethics","category-privacy"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/1037","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/95"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=1037"}],"version-history":[{"count":4,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/1037\/revisions"}],"predecessor-version":[{"id":1041,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/1037\/revisions\/1041"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=1037"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=1037"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=1037"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}