What is the Code of Practice?
The CRB checks Code of Practice is composed of several very specific obligations that applying organisations have to stick to regarding the information disclosed as part of a CRB check and what they can legally do with it. Contrary to popular belief organisations that apply for CRB checks can’t use the personal information disclosed for anything other than the purpose it was obtained for. In most cases this is to assess the applicant’s suitability for employment and as such this is the only capacity for which the disclosed information can be used.
Important Obligations within the Code of Practice
A lot of the obligations listed in the CRB Check Code of Practice only concern the applying organisation but a few are highly relevant to disclosure applicants. These include the following:
That any information disclosed by the Disclosure and Barring Service (DBS) has to be destroyed after a suitable period of no more than 6 months from the date of disclosure. This means that if a job applicant isn’t successful, the applying organisation has to destroy their DBS certificate within 6 months of the date of the personal information included in a disclosure needs to be stored appropriately and securely. DBS certificates and any electronic versions need to be accessible by authorised persons organisation applying for a CRB check has an obligation to inform the named applicant of the need for the check before making the application. In other words an organisation cannot make a disclosure application without informing the named applicant of their intentions. The applying organisation also has an obligation to inform the named applicant of the potential effect of the disclosure regarding the recruitment and selection information disclosed in a CRB needs to be used fairly by the applying organisation and shouldn’t be used to discriminate against ex-offenders with spent convictions.
Do all organisations comply with the Code of Practice?
Organisations that apply for CRB checks from the DBS have a legal obligation to comply with the Code of Practice so in theory yes they do. In order to make sure this is happening the DBS periodically asks for evidence from organisations that they are in fact meeting their obligations in terms of the Code and this can happen at any time and without prior warning