Whilst the Information Commissioner’s Employment Code of Practice has actively discouraged it for some time, it will from the 10th March 2015 be a criminal offence for an employer to require job applicants or existing employees to obtain a copy of their criminal records by means of a data subject access request. Some employers required prospective and existing employees to provide such information without using the formal and more expensive route of the CRB check. The Data Protection Act 1998 (Commencement No. 4) Order 2015 has now brought in section 56 of the Data Protection Act 1998 outlawing such practice.
It has made it a criminal offence for any person to require another person, or a third party, to make a subject access request for their criminal record information as a pre-condition to providing them with, or offering to provide them with, goods, facilities or services. The criminal offence carries an unlimited fine in England and Wales so employers (or indeed anyone)now does this practice at their peril.