Welcome Guest! The IOSH forums are a free resource to both members and non-members. Login or register to use them

Postings made by forum users are personal opinions. IOSH is not responsible for the content or accuracy of any of the information contained in forum postings. Please carefully consider any advice you receive.

Notification

Icon
Error

Options
Go to last post Go to first unread
Oxford  
#1 Posted : 10 August 2018 08:33:19(UTC)
Rank: Forum user
Oxford

Has anyone else come across this issue when doing site visits (to sites other than those run by your own employer? I was recently told, on a arrival at a site in London, that I should have taken my passport so the site team could scan it and keep it on record.

My immediate thought was 'no chance - I have no idea how safe that data would be', but having done some checking it seems that some places are requesting information which goes far beyond simple identification - our service Engineers are beginning to rear up about this issue

A Kurdziel  
#2 Posted : 10 August 2018 09:12:04(UTC)
Rank: Super forum user
A Kurdziel

When they take the photocopy, do they provide you:

  • with Justification for collecting this information
  • Who will be holding this information
  • For how long will they be keeping it
  • And whether they will be passing it onto third parties?
  • How they will be keeping it secure?

If not they are in breach of data protection law.

Hsquared14  
#3 Posted : 10 August 2018 09:26:37(UTC)
Rank: Super forum user
Hsquared14

I agree with A Kurdziel - by all means they might need to see your passport or other form of photoID but taking a photocopy is a big step too far.  You definitely need a justification for this.  I could understand it if they needed to prove that you had a right to work in the UK but then they should be approaching your employer for that and not taking scans and photocopies of passports.

Roundtuit  
#4 Posted : 10 August 2018 09:31:20(UTC)
Rank: Super forum user
Roundtuit

Whilst I can see the potential need for security verification of who you are via an offical document aka "Photo id" there is no way I would allow any identity document out of sight let alone have a third party copy it.

This sounds like a possible miss-interpretation of "right to work" checks - once again industry gets entitely the wrong end of the stick as it is employers who are obliged to verify their (potential) employees right to work in the EU - Principals should vet contractors, not the contractors employees.

Really curious as to the full justification these sites are claiming, sounds like they have never heard of GDPR

Roundtuit  
#5 Posted : 10 August 2018 09:31:20(UTC)
Rank: Super forum user
Roundtuit

Whilst I can see the potential need for security verification of who you are via an offical document aka "Photo id" there is no way I would allow any identity document out of sight let alone have a third party copy it.

This sounds like a possible miss-interpretation of "right to work" checks - once again industry gets entitely the wrong end of the stick as it is employers who are obliged to verify their (potential) employees right to work in the EU - Principals should vet contractors, not the contractors employees.

Really curious as to the full justification these sites are claiming, sounds like they have never heard of GDPR

Spacedinvader  
#6 Posted : 10 August 2018 09:42:27(UTC)
Rank: Forum user
Spacedinvader

Drop the ICO a line?

A Kurdziel  
#7 Posted : 10 August 2018 10:20:12(UTC)
Rank: Super forum user
A Kurdziel

You can start by finding out who the company’s named data controller is. Just look it up here https://ico.org.uk/esdwebpages/search . If they don’t appear on the register then drop the ICO a line. If you do get a name then ask the questions I suggested and anything else you can think of.  If you are not happy with the response report them to the ICO.  

WatsonD  
#8 Posted : 10 August 2018 10:25:26(UTC)
Rank: Super forum user
WatsonD

I thought that was why CSCS cards came with a photo, for ID. Agree that those requesting passports seem to be misinterpreting 'right to work' legislation.

Roundtuit  
#9 Posted : 10 August 2018 10:35:32(UTC)
Rank: Super forum user
Roundtuit

The 100% carded site is coming to an end (and not before time).

CSCS is retracting the breadth of issued cards to only cover those directly involved with the construction - so cleaners, caterers etc. who used to be forced to have the yellow visitor card can no longer obtain them.

Roundtuit  
#10 Posted : 10 August 2018 10:35:32(UTC)
Rank: Super forum user
Roundtuit

The 100% carded site is coming to an end (and not before time).

CSCS is retracting the breadth of issued cards to only cover those directly involved with the construction - so cleaners, caterers etc. who used to be forced to have the yellow visitor card can no longer obtain them.

djupnorth  
#11 Posted : 13 August 2018 17:07:00(UTC)
Rank: Forum user
djupnorth

I agree that it is probably somebody who has mis-interpreted the right to work legislation.

A Kurdziel, can I just clarify one point.  The company will be the 'data controller' (i.e. the organisation for whom personal data is processed), unless it is a sole trader the controller will not be an individual.  It may be that you are mistaking a data controller for a Data Protection Officer (mandated for public bodies and certain high-risk controllers), who must be a named individual.  It is unlikely however, that a construction company will need a DPO.

Regards. DJ

Users browsing this topic
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.