ICO shuts down firm selling private worker data
The Information Commissioner's Office will prosecute the owner of a construction worker database, and is considering action against the firms which accessed it.


The Information Commissioner has shut down a consulting firm that was selling private data about construction workers.
Consulting Association, run by Ian Kerr, operated a database holding details on 3,213 construction workers. He sold access to the data to over 40 firms for a 3,000 annual fee plus 2.20 to access each individual, according to the Information Commissioner's Office (ICO).
The construction firms used the data to vet potential workers, and the database held information about their personal relationships, connections to trade unions and employment history.
The ICO told the BBC that the database also held notes on what people thought of the workers, including calling them "lazy and a trouble stirrer." Other comments included "ex shop steward. Definite problems. No Go" and "Communist Party".
The ICO raided Kerr's West-Midland's business at the end of February, seizing the data. He faces prosecution for breaching the data protection act, and has been ordered to stop trading, which the ICO said he has done.
Deputy information commissioner David Smith said in a statement: "This is a serious breach of the Data Protection Act. Not only was personal information held on individuals without their knowledge or consent but the very existence of the database was repeatedly denied."
Under the Data Protection Act, any organisation holding personal information must be open about how they use it and most are required to register with the ICO. "Kerr did not comply with the law on either count," said Smith.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
The ICO is also considering taking regulatory action against the construction firms that had at some point subscribed to the database, which include "household names." The full list of companies which accessed the data is available on the ICO's website.
"I remind business leaders that they must take their obligations under the Data Protection Act seriously," Smith said. "Trading people's personal details in this way is unlawful and we are determined to stamp out this type of activity."
On 16 March, the ICO will launch a dedicated enquiry system offering help to people who believe their personal data is being held in such a way. However, Smith asked that people hold off until then before contacting the ICO on such issues.
Freelance journalist Nicole Kobie first started writing for ITPro in 2007, with bylines in New Scientist, Wired, PC Pro and many more.
Nicole the author of a book about the history of technology, The Long History of the Future.
-
What is polymorphic malware?
Explainer Polymorphic malware constantly changes its code to avoid detection, making it a top cybersecurity threat that demands advanced, behavior-based defenses
-
Outgoing Kaseya CEO teases "this is just the beginning" for the company
Opinion We spoke to Fred Voccola who remains a key figurehead at the firm as it enters its next chapter...
-
P2PInfect self-replicating Rust worm discovered attacking Redis instances
News Researchers believe that the worm could be laying the groundwork for a larger campaign to be launched at some point in the future
-
Redefining modern enterprise storage for mission-critical workloads
Whitepaper Evolving technology to meet the mission-critical needs of the most demanding IT environments
-
MWC 2023: Huawei launches 'world's best' ransomware detection system
News Huawei claims its Cyber Engine database security system has a 99.9% detection rate, but experts have been quick to weaken the sentiment
-
Dutch hacker steals data from virtually entire population of Austria
News The data was stolen from a misconfigured cloud database found by the attacker through a search engine
-
IRS mistakenly publishes 112,000 taxpayer records for the second time
News A contractor is thought to be responsible for the error, with the agency reportedly reviewing its relationship with Accenture
-
Database and big data security
Whitepaper KuppingerCole 2021 Leadership Compass Report
-
Modernise your legacy databases in the cloud
Whitepaper An introduction to cloud databases
-
Microsoft Azure flaw exposed 'thousands' of customer databases
News Security research Wiz describes Cosmos flaw as "the worst cloud vulnerability you can imagine"