It is a common situation and one that is difficult to manage and control. However, the Data Protection Act 1998 (DPA) is a useful tool for staffing businesses to use in these situations because client and candidate data is normally personal data and so falls within the scope of the DPA.
In a recent case, Rebecca Gray pleaded guilty at Warrington Magistrates' Court to an offence under section 55 of the DPA for unlawfully obtaining and disclosing personal data.
A breach of section 55 of the DPA is a criminal offence.
Ms Gray, who worked for the recruitment agency Elite Employment Group, emailed the contact details of over 100 clients to her personal email address and used the information to contact them in her position at a rival recruitment company.
She was subsequently prosecuted, fined £200 and ordered to pay £214 prosecution costs and a £30 victim surcharge. She also lost her job.
For staffing businesses, the case illustrates how the DPA can help to protect client and candidate data and should serve as a deterrent to recruitment consultants.
For staffing businesses, it is important to have robust employment contracts in place which protect their ownership of their client and candidate data and contain legally enforceable restrictive covenants to stop their recruitment consultants poaching their clients and candidates after they leave the business.
It is also important to deliver training to consultants so they understand their legal obligations in relation to client and candidate data and understand the consequences of misusing the data which include, as in Ms Gray's case, prosecution.
The training should be delivered as part of a wider session on data protection compliance so staffing businesses can make sure their staff are both complying with the DPA during their employment and are also aware of their obligations after they leave the business.