Revised Code of Practice for Disclosure and Barring Service Registered Persons
November 2015
Revised Code of Practice for Disclosure and Barring Service Registered Persons
Presented to Parliament pursuant to section 122 (2) of the Police Act 1997
November 2015
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gsi.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at www.gov.uk/government/publications
Any enquiries regarding this publication should be sent to us at samuel.wray@homeoffice.gsi.gov.uk
Print ISBN 9781474125512
Web ISBN 9781474125529
ID 23101511 11/15
Printed on paper containing 75% recycled fibre content minimum.
Printed in the UK by the Williams Lea Group on behalf of the Controller of Her Majesty’s Stationery Office Revised Code of Practice for Disclosure and Barring Service Registered Persons
Contents
Introduction 3
Who does this Code apply to? 3
Disclosure Offences: Sections 123 and 124 of the Police Act 1997 3
What happens if the Code is breached? 4
The Obligations 5
Registration Details 5
Application Process 5
Identity Verification 5
Data Handling 6
Suitability Policy 6
Payment of Fees 7
Eligibility 7
Compliance Requests 8
Glossary 9
1 Revised Code of Practice for Disclosure and Barring Service Registered Persons 2 Revised Code of Practice for Disclosure and Barring Service Registered Persons
Introduction
The Disclosure and Barring Service (DBS) was established in December 2012 under Part V of the Protection of Freedoms Act (POFA)1 to undertake disclosure and barring functions. There are specific legal requirements around these checks. Disclosure functions are set out in Part V of the Police Act 1997,2 which requires Registered Bodies to adhere to this Code of Practice.
Who does this Code apply to?
The Code of Practice applies to all Registered Bodies with the Disclosure and Barring Service (DBS) under section 120 of the Police Act 1997 (Registered Bodies) and recipients of Update Service information under section 116A of the Police Act 1997. This includes those Registered Bodies that provide an umbrella function to non registered organisations. The Code refers to any information exchanged between DBS and the Registered Body.
The Code of Practice does not apply to other third parties. The DBS will seek to ensure compliance with the Code through the full range of DBS assurance management processes.
All applicants for a DBS check should be made aware of this Code of Practice and provided with a copy on request.
Disclosure Offences: Sections 123 and 124 of the Police Act 19973
Although certificates are now provided directly to the applicant, registered bodies will receive personal information related to applications and, where registered bodies are also employers, voluntary sector organisations or licensing authorities, will receive disclosure information when certificates are provided to them by their employees or applicants for posts, including volunteers.
Recipients of disclosure information, through electronic means or via the applicant’s copy of the disclosure, must note that it is an offence to disclose information contained within a DBS Certificate to any person who is not a member, officer or employee of the Registered Body or their client, unless a relevant legal exception applies. Furthermore, it is also an offence to:
Disclose information to any member, officer or employee where it is not related to that employee’s duties
Knowingly make a false statement for the purpose of obtaining, or enabling another person to obtain, a Certificate
1 http://www.legislation.gov.uk/ukpga/2012/9/part/5/enacted
2 http://www.legislation.gov.uk/ukpga/1997/50/part/V
3 http://www.legislation.gov.uk/ukpga/1997/50/section/124
3 Revised Code of Practice for Disclosure and Barring Service Registered Persons
4 http://www.legislation.gov.uk/uksi/2006/750/contents/made
Registered Bodies and those in receipt of Update Service information believed to have committed an offence will be liable to prosecution, suspension or de-registration.
What happens if the Code is breached?
The Police Act 1997 (Criminal Records) (Registration) Regulations 20064 sets out Conditions of Registration. Regulation 7(h) is for compliance with the Code of Practice issued under section 122 of the Act.
Failure to comply with Conditions of Registration can result in the suspension or cancellation of registration. This follows a set legislative process with clear timescales.
Failure to comply with requirements set out in the Data Protection Act may also result in enforcement action from the Information Commissioner’s Office (ICO).
4 Revised Code of Practice for Disclosure and Barring Service Registered Persons
5 http://www.legislation.gov.uk/uksi/2006/750/contents/made
6 https://www.gov.uk/disclosure-barring-service-check/documents-the-applicant-must-provide-
The Obligations
Registration Details
The Police Act 1997 (Criminal Records) (Registration) Regulations 20065 sets out the obligations a Registered Body must meet in order to retain its registration.
Registered Bodies must:
- Provide up-to-date information to the DBS in respect of their registration information and counter signatories in line with current procedures.
Maintain all accounts, online or otherwise, for all DBS products and delete when no longer required.
Ensure any electronic system used complies with specifications set out in the above regulations.
Application Process
Registered Bodies must:
- Submit applications for a DBS product in the format determined by DBS.
Ensure that applications for a DBS product are completed accurately and that all data fields determined by DBS as mandatory are completed in full.
Ensure that any application submitted electronically complies with DBS specifications as stipulated in line with current requirements.
Ensure that, where evidence checkers complete any part of the administration of the application process, sufficient training has been provided to enable same degree of accuracy required by DBS of the counter signatory.
Identity Verification
Registered Bodies must:
- Verify the identity of the applicant prior to the submission of an application for a DBS product by following the current guidelines issued by DBS.6
Ensure that any person undertaking identity verification checks on their behalf follows the current guidelines issued by DBS.
Make sure lead or counter signatories do not validate their own applications for any DBS products.
5 Revised Code of Practice for Disclosure and Barring Service Registered Persons
7 https://ico.org.uk/for-organisations/guide-to-data-protection/data-protection-principles/
Data Handling
Failure to comply with DPA requirements could result in enforcement action from the ICO.
In line with the Data Protection Act 1998 Registered Bodies and those in receipt of Update Service information must:
- Have a written policy on the secure handling of information provided by DBS, electronically or otherwise, and make it available to individuals at the point of requesting them to complete a DBS application form or asking consent to use their information to access any service DBS provides.
Handle all information provided to them by DBS, as a consequence of applying for a DBS product, in line with the obligations under Data protection Act 1998.
Handle all DBS related information provided to them by their employee or potential employee in line with the obligations under Data Protection Act 1998.
Ensure that a result received as part of an application submitted electronically is not reproduced in such a way that it infers that it is a certificate issued by DBS.
Ensure any third parties are aware of the Data Protection Principles and provide them with guidance on secure handling and storage of information. For Data Protection purposes, information passed to a Registered Body by DBS remains the responsibility of the Registered Body even if passed to a third party.
Ensure business continuity and disaster recovery measures are in place and comply with Data Protection requirements.
Must comply with security requirements under principle 7 of the Data Protection Act.7
Suitability Policy
Registered Bodies and those in receipt of Update Service information must:
- Have a written policy on the suitability of ex-offenders for employment in relevant positions. This should be available upon request to potential applicants and, in the case of those carrying out an umbrella function, should be made available to their clients. Clients of Registered Bodies should make this policy available to their potential or existing employees.
Ensure that all applicants for relevant positions or employment are notified in advance of the requirement for a Disclosure.
Notify all potential applicants of the potential effect of a criminal record history on the recruitment and selection process and any recruitment decision.
Discuss the content of the Disclosure with the applicant before withdrawing any offer of employment.
6 Revised Code of Practice for Disclosure and Barring Service Registered Persons
8 http://www.legislation.gov.uk/uksi/1975/1023/contents/made
9 The various Police Act 1997 (Criminal Records) regulations can be found by searching on http://www.legislation.gov.uk
Payment of Fees
Registered Bodies must:
- Pay all registration fees in line with time periods set out in current procedures.
Pay all fees relating to DBS products in line with time periods set out in current procedures.
Pay all fees related to criminal records check applications submitted after any decision by the DBS to suspend registration or deregister the organisation.
Correctly apply the Police Act definition of a volunteer to each criminal records check application to assert eligibility that no fee should be charged for that application.
Publish all fees, in relevant documentation, associated with the processing of criminal records check applications when you do so on behalf of others.
Notify the DBS in writing of any change to the fees associated with the processing of Criminal records check applications when you do so on behalf of others.
Eligibility
Eligibility for DBS checks is set out in the following legislation:
Standard checks – to be eligible for a standard level DBS certificate, the position must be included in the Rehabilitation of Offenders Act (ROA) 1974 (Exceptions) Order 1975.8
Enhanced checks – to be eligible for an enhanced level DBS certificate, the position must be included in both the ROA Exceptions Order and in the Police Act 1997 (Criminal Records) regulations.9
Enhanced checks with children’s and/or adults’ barred list check(s) – to be eligible to request a check of the barred lists, the position must be eligible for an enhanced level DBS certificate and be specifically listed in the Police Act 1997 (Criminal Records) regulations as being eligible to check the appropriate barred list(s).
Registered Bodies must:
- Use all reasonable endeavours to ensure that they only submit Criminal Records check applications in accordance with the legislative provisions which provide eligibility criteria for relevant positions or employment.
Ensure that before allowing a DBS check application to be submitted they have assessed the role to be eligible under current legislation, correctly applied the right level of check, and correctly requested the appropriate barring list information.
Ensure they are legally entitled to request any DBS product being applied for.
7 Revised Code of Practice for Disclosure and Barring Service Registered Persons
10 Available at http://www.gov.uk/DBS
Compliance Requests
Registered Bodies and those in receipt of Update Service Information must co-operate in full and in line with the timescales in current procedures,10 when DBS enquiries are made in relation to:
- Ongoing compliance of Registered Bodies and those in receipt of Update Service information with the obligations under this Code.
Implementing the suspension or de-registration of a Registered Body where non-compliance is established in line with current procedures.
8 Revised Code of Practice for Disclosure and Barring Service Registered Persons 9
Glossary
Registered Body – employer or company registered with the DBS for the purposes of processing and submitting applications for DBS products.
Umbrella function – Registered Bodies processing and submitting applications for DBS products from employers not eligible to register with the DBS.
DBS Product – Any level of check available from DBS.
Client – Company or individual engaging umbrella functions from a registered body.