Before I address the amendments I would like to say a few words about blacklisting, which was raised by the noble Lords, Lord Monks and Lord Morris, and my noble friend Lady Williams, because at each stage of this Bill we have sought to emphasise how seriously this Government take any allegations of blacklisting. The Trade Union and Labour Relations (Consolidation) Act 1992 makes it unlawful to refuse to employ a person because they are a member or not a member of a trade union or because they refuse to join or leave a trade union. This position was strengthened in 2010, when in response to the Consulting Association blacklist uncovered in 2009, the Government introduced anti-blacklisting regulations and increased the penalties for unlawful processing of data. Data controllers can now be fined up to £500,000 for serious offences. There have been several allegations of new evidence of blacklisting to date, but no evidence of this practice recurring. The Scottish Affairs Select Committee and Information Commissioner are both currently investigating the potential for ongoing offences, and the Government continue to take a close interest in this issue. Therefore, the provisions that we are considering today do not increase the risk of blacklisting, because of the protections in place around the treatment of membership data.
7 pm
Noble Lords have tabled a number of amendments, which I understand seek greater assurance that the confidentiality of union membership data will be protected. That is entirely understandable. Information about who is a union member is sensitive, as the noble Lords, Lord Monks and Lord Morris, have already eloquently pointed out, and it is right that it should be protected. However, existing data protection rules are sufficient for those purposes. I hope to be able to explain how the data will be protected and to reassure noble Lords that their concerns are unfounded.
I will begin by speaking to Amendments 28A, 28B and 28C, which are all concerned with the protections around the way the assurer handles membership data. Amendment 28A would place on the assurer a duty of confidentiality to the union and its members, and would require the assurer to comply with the union’s obligations in the Data Protection Act. Amendment 28B would prevent the appointment or reappointment of an assurer in the case of a breach of the union’s confidentiality, of its statutory duties or of its terms of appointment, or where there are reasonable circumstances not to appoint. Amendment 28C states that the assurer must comply with the Data Protection Act. Amendment 28D seeks to prevent the disclosure of member data in any circumstances, except with their consent or where required as part of criminal proceedings.
The intention behind all those amendments is already achieved by the Bill and the application of the Data Protection Act. I will explain that. The Bill explicitly states that the assurer will owe a duty of confidentiality to the union, which will be incorporated into the assurer’s appointment. Breach of that duty would mean that the union would have a remedy for breach of contract. The union may also choose, if it wishes, to include additional protections as part of its contract with the assurer. In addition, the assurer must comply with the Data Protection Act, because in performing their statutory functions they will be a data controller. Should the assurer breach data protection rules, the union may engage the Information Commissioner, who enforces the Data Protection Act. The Information Commissioner has a range of powers at his disposal, including imposing a fine of up to £500,000. Finally, the assurer is prohibited in the Bill from disclosing member data unless in specific permitted circumstances. Noble Lords also raised the issue of whether an assurer who breaches their obligations should be prevented from reappointment. I am happy to confirm that that is entirely within the control of the union. The Secretary of State will set out in an order who is qualified to be an assurer, but who the union chooses from that list is entirely at its discretion. If, for any reason, the union has doubts about the assurer’s suitability, including their handling of sensitive member data, it can pass a resolution to remove the assurer on agreement of the members.
On Amendment 28D, the intention seems to be to prevent the disclosure of member data in any circumstances except with member consent or where required as part of criminal proceedings. That would in practice prohibit a certification officer, inspector or assurer having the necessary access to the register, as they would be unable to identify the member in order to seek their consent. It would defeat the Government’s policy intention of giving assurance of union compliance with the duties to maintain a membership register. We believe that this amendment is unnecessary. The existing contractual and statutory arrangements surrounding use of membership data will be sufficient to ensure that membership data are protected.
I have already explained the protections with regard to the assurer and will now say something about the protections with regard to the treatment of membership data by the certification officer and the inspector. As part of that I will therefore deal with Amendments 31, 31A and 32. Amendment 31 would remove the explicit statement that the certification officer may require an explanation of documents from the assurer. In practice, that may interfere with the effective application of the new enforcement regime. It may be important for the certification officer to engage with the assurer in a particular case in order to make an informed assessment of a union’s compliance with Section 24 of TULRCA. Amendment 31A deals with the appointed inspector and seems intended to ensure that there are appropriate protections to ensure that they handle sensitive membership data properly. I reassure noble Lords that a range of safeguards are already in place to achieve that. That includes, for example, that first of all, the certification officer will have discretion to appoint an inspector as he does currently for inspectors of a
union’s financial affairs. It will be for the certification officer to ensure that he appoints someone capable of fulfilling their responsibilities. Secondly, the inspector will owe a duty of confidentiality to the certification officer. Should the inspector breach that duty, it will be for the certification officer to decide the appropriate remedy, considering the circumstances and severity of the breach. A third party appointed as an inspector is likely to be someone in a professional firm. It would seem unnecessarily restrictive to require that the certification officer could never appoint that firm again, no matter what had happened to the individual concerned. A further example is that if the appointed inspector—or any other individual, for that matter—has breached data protection rules, they will be liable to the Information Commissioner taking action, including imposing a fine of up to £500,000.
I infer that the intention of Amendment 32 is to obtain explicit, cast-iron assurance that sensitive union member data will be adequately protected under the new investigatory powers introduced by the Bill. The amendment intends to prohibit the disclosure of data to third parties, but there is already provision in law to prevent the disclosure of documents to third parties, except as necessary for the performance of functions set out in the Bill, where the member consents or, of course, for criminal proceedings. In any event, as I have already explained, member data will be well protected by both existing and new legal safeguards. The assurer will owe a contractual duty of confidentiality to the union, as stipulated in the Bill. The Data Protection Act will also continue to apply whenever the assurer, certification officer or inspector handle union membership data, because in doing so they will be data controllers. Furthermore, the certification officer is obliged to act in concordance with the European Convention on Human Rights, which includes the individual’s right to privacy. We are confident that the certification officer is well placed to deal with sensitive data, and I can reassure noble Lords that the Government will not have access to member data through those provisions.
Finally, Amendment 33 changes the heading to new Section 24B. We do not think that that would have a substantive effect, but have assumed that the intention is that provisions relating to the appointment of the assurer would not be enforceable. We will come to the role of the assurer in the next group of amendments, but it is key to the achievement of the Government’s policy objective. I understand the desire to ensure that the Bill poses no risk to the confidentiality of union membership, and I have been listening this afternoon. I am sure that there are adequate safeguards in current data protection legislation and introduced by the Bill, to ensure that not only the assurer but also the certification officer and the certification officer’s inspector properly protect the confidentiality of union member data.
The noble Lord, Lord Monks, questioned why the legislation is needed, because the certification officer has had only a limited number of complaints. However, the current statute does not automatically provide assurance that the register is up to date for all members. The certification officer can investigate only in response to a complaint, and then only, as I mentioned in
Committee, in response to a complaint from a union member. Not all members will be proactive about checking the register. A member who checks it may not see the register in its entirety. In any case, they cannot know whether the names and addresses of other members are accurate. Members cannot tell whether the register is accurate in recording all new joiners and leavers. We believe that those measures are an appropriate way to give greater confidence to union members and, importantly, to the public, so that unions know who their members are and can contact them.
The noble Lord, Lord Martin of Springburn, raised concerns because there has been some misuse of sensitive data by some public authorities. I assure him that the certification officer is subject to duties under the Human Rights Act 1998 to comply with the European Convention on Human Rights, including a person’s right to his private and family life and his correspondence. We are confident that the certification officer is well placed to deal with sensitive data. One respondent to the consultation conceded that, although they thought this was a risk, they had,
“no reason to believe the CO’s office has poor systems”.
The noble Lord, Lord Morris of Handsworth, stated that unions were more harshly regulated than other organisations. Noble Lords are sometimes fond of drawing analogies between trade unions and other membership organisations, but trade unions are unique in both purpose and design. They are explicitly defined by legislation, and in practice regulation is tailored to each type of organisation, to fit its role and function. Again, we believe that these measures are appropriate to the function of trade unions. I therefore ask noble Lords not to press their amendments.