Are You Now, or Have You Ever Been

The Labour Party’s recent – if belated – interest in the Consulting Association is a good thing. The late Ian Kerr ran a secret blacklist for a range of big-name construction companies, and there is simply no defence for what he and they did. The fundamental principle of Data Protection is fairness, and fairness is not just about the general notion of being equal and proportionate – the DPA specifically requires organisations to inform individuals about how their data is used. Even if the construction industry needed a quick central system for checking the reliability of casual employees, it would be vital for workers to know about and have access to it to ensure that the facts were correct and the decisions justifiable. The secret nature of the system, of course, was to cover the real aim of rooting out people who might ask awkward questions about health and safety or working conditions.

It is hard to imagine anything more squalid than a hugely successful industry – bloated with public sector contracts and many establishment connections – targeting ordinary working people who want to prevent deaths, accidents and unfair working practices. This activity is a stain on their reputations and they must not be allowed to forget it. The anger directed by unions, Liberty and individual workers is justified. The fact that the construction companies escaped largely unpunished is a scandal. The chief responsibility for this disgraceful business lies at their door.

However, much of the ire is bizarrely directed at the Information Commissioner. Despite his cack-handed defence on the Today programme, the current Commissioner Christopher Graham is not to blame for the construction companies’ apparent impunity, nor is his predecessor. I think Richard Thomas’ tenure as Information Commissioner was fairly disastrous (especially for FOI), but the Consulting Association prosecution was possibly the biggest success of his time in the job. Few of the criticisms hold any water. Unions have demanded that the entire CA database should be handed over to them – using publicity and FOI to achieve this. This would be a breach of the Data Protection Act. The ICO obtained the database as part of an investigation, and whatever the motives of the unions, it would be unfair to every person on that list for their information to be given out to every angry union that demands it.

The ICO has also been criticised for not proactively contacting all of the people on the list. As someone who already thinks that the ICO does not put enough resources into enforcement, the idea that they would spend the doubtless huge sums of money contacting thousands of people (after sorting through the information to identify them properly) is ludicrous. The ICO is not there to help people pursue claims – they are there to enforce the law, not to take sides and support individual actions. It was their job to take on the problem – they did that.

The biggest criticism levelled against the ICO is the lack of prosecutions for the construction companies. The Unions and various Labour figures have been loud and self-righteous in their outrage over the perceived lack of action. The £5000 fine for Kerr was paltry, and the enforcement notices issued to the construction companies lacked the required sting. But all of this is Labour’s fault. Exposing Kerr and seizing his database was the most the ICO could do – as his operation depended on secrecy, the raid killed it. The only criminal offence that the ICO could charge Kerr with was non-notification and the maximum penalty for non-notification was £5000. It was not a criminal breach of the Data Protection Act to run or use a blacklist when the construction companies encouraged Kerr to do so and paid his bills and fine for him. In 2009, the ICO did not have the power to issue Civil Monetary Penalties. No regulator can prosecute without a specific offence, and there were no offences on the statute book. His current CMP powers are not retrospective, and if they should have been, it was Labour’s decision not to make that happen.

It’s easy to attack the ‘disgraceful belligerence’ of Chris Graham’s performance on Today, as Val Shawcross, a Labour London Assembly Member, did on Twitter. Jessica Asato, prospective Labour candidate in Norwich, does the same on Labour List: “Scandalously, when prosecution was sought for Ian Kerr the CEO of the Consulting Association (and apparently a previous employee of the Economic League) he was only fined £5000 for data protection issues and none of the firms who paid for the information were fined at all.” If this is a scandal, it is a scandal that Asato’s party devised. A fine for the companies was more or less impossible, unless the ICO also prosecuted them for not notifying their use of the CA database. The maximum fine would have been £5000, even if the prosecution had been successful.

The Data Protection Act 1998 and its associated regulations were created and passed by a Labour Government. If the ICO’s response –  the strongest possible legal response – was inadequate, it was because the Blair and Brown governments made it that way. Breaches of data protection had no adequate punishment until the shambolic data handling within Government embarrassed Brown into a U-turn. Labour still backed away from making data theft an imprisonable offence under pressure for the Daily Mail, and even now, Section 63 even makes it impossible for the ICO to prosecute the Government or the Royal Household for a criminal DPA breach. Any union, any worker, any ambitious politician who wants to raise the issue of why the construction companies got out of jail free cannot go after the ICO, and they are being dishonest if they do.

Chuka Ummuna, the Shadow Business Secretary, is making a lot of what is an unfashionable issue and he deserves credit for doing so. He wasn’t an MP when Labour set Data Protection up without any teeth, and so his hands are fairly clean. Nevertheless, I can’t help thinking that the party’s enthusiasm for the issue now might have something to do with the fact that they are no longer in government making decisions, and awarding humongous PFI contracts to the businesses that were guilty of the ‘affront to justice’ that Asato finds so offensive.

One strong element of Asato’s article still rings true, and brings us round (inevitably) to the part of this post which allows me to revert to type and have a dig at the Commissioner. She points out that blacklisting and stigmatising of union and other activists in construction is an ancient business, going back to the founding of the McCarthy-like Economic League in the 1920s. I think it’s safe to assume that there is a version of the Consulting Association running right now. Kerr is dead, but the idea that a practice that is at least 90 years old will suddenly stop because it was exposed is idiotic. Panorama exposed the League in 1994 and blacklisting didn’t die then. Deputy Commissioner David Smith sets out the ICO’s approach to the Consulting Association fairly on the office’s website, but he loses credibility with this unnecessary final flourish:

The construction blacklist remains a black spot on the history of employment in this country. While the work to close it down is long completed, our work to help those whose lives were affected by the blacklist continues.

Everyone involved in the Consulting Association case should be proud of the good work they did. If I was a very suspicious person, I would wonder whether Labour and the Unions see the ICO as a convenient whipping boy to cover up their own failings on this matter. But I support Asato when she says that the work on closing down blacklists is almost certainly not over. Rather than attacking the ICO for doing the right thing, workers, unions, politicians and advocates for better Data Protection should chide the ICO for resting on its laurels. It should be knocking on doors across the construction industry and demanding evidence that the 2009 enforcement notices – which have presumably not been withdrawn – are still being complied with. The stick they wield now is a lot bigger, and they should not persuade themselves that they don’t need to use it.