Following complaints by the GMB and human rights group Liberty about the failure to act against firms found to have been blacklisting trade unionists (weekly LELR 282), the deputy Information Commissioner has said that there is nothing more his office can do.

David Smith wrote in a blog on the Information Commissioner’s Office (ICO) website, that he was disappointed that the ICO could not issue more substantial penalties but that it had used the maximum legal powers available at the time the blacklisting was discovered.

The ICO found a database containing the names of over 3,000 construction workers when it raided the premises of the Consulting Association in March 2009.

Consulting Association owner Ian Kerr maintained the database and provided subscribing employers with information about anyone involved in trade union activity, including people who had raised genuine concerns about safety. More than 40 major construction companies were subscribers to the list.

Following the raid, Mr Kerr, who reportedly earned six figure sums for operating the list, was fined just £5,000 at Knutsford Crown Court for breaching the Data Protection Act and paid £1,187 costs.

Enforcement notices (requiring the unlawful activity to stop) were only issued against a handful of the firms proven to have used and supplied information to the list. The companies themselves were never separately investigated and none were prosecuted.

The ICO has since been given the power to issue civil monetary penalties up to £500,000, but these can only be issued where a breach of the Data Protection Act has taken place after April 2010.

As, according to Mr Smith, the ICO has not received any “reliable evidence” that unlawful processing of personal data continued after this date, he insists that his office cannot apply the stronger penalties in this case.

He says that, instead, the ICO is focusing on helping anyone who featured on the list. In addition to a helpline, it has set up a ‘fast-track’ service available to allow anyone who suspects they were on the list to find out if they were, and get a copy of any information held about them.

So far 616 people have formally made a request, of whom 194 were listed and have been passed details of their personal information.

The deputy commissioner says the ICO cannot proactively contact the individuals on the list because some of the information is incomplete, some is in the form of poor-quality, handwritten notes and some is extremely dated, with one last known address listed for the 1970s.

To find out how to make a request for data, visit the Information Commissioner's Office website.