Introduction
1. As an organisation using the Disclosure and Barring Service (DBS) checking service to help assess the suitability of applicants for positions of trust, Leeds Diocesan Board of Finance (The Board) complies fully with the code of practice regarding the correct handling, use, storage, retention and disposal of certificates and certificate information.
2. It also complies fully with its obligations under the General Data Protection Regulation (GDPR), Data Protection Act 2018 and other relevant legislation pertaining to the safe handling, use, storage, retention and disposal of certificate information and has a written policy on these matters, which is available to those who wish to see it on request or on the staff intranet.
Scope
3. This policy applies to all employees and volunteers of The Board or linked organisation such as a PCC within the Diocese of Leeds whose request for a DBS certificate is processed by The Board.
Definitions
4. The Disclosure & Barring Service (DBS):
a) The primary role of the Disclosure & Barring Service (DBS) is to help employers make safer recruitment decisions and prevent unsuitable people from working with vulnerable groups including children and vulnerable adults.
b) The DBS was established under the Protection of Freedoms Act 2012 and helps employers make safer recruitment decisions and prevent unsuitable people from working with vulnerable groups.
c) The barring side of the DBS provides expert caseworkers who process referrals about individuals or who have harmed or pose a risk of harm to children and/or vulnerable groups. They make decisions about who should be placed on the children’s barred list and/or adults barred list and prevented by law from working with children or vulnerable groups.
d) The checking service allows employers to access the criminal record history of people working, or seeking to work in certain positions, especially those that involve working with children or adults in specific situations.
DBS checks and certificates:
a) There are three levels of DBS check: Basic, Standard, and Enhanced. The level required is determined by the individual’s job role and the interaction with vulnerable groups and sensitive information that will be required.
b) A DBS certificate is a document issued by the DBS in the UK. It contains information about an individual’s criminal record, including any convictions and cautions. The certificate will inform an individual’s suitability for a role and is usually requested as part of the safer recruitment process.
c) In order to process a DBS check, an individual must submit personal information as required by DBS.
Blemish:
a) A DBS blemish refers to a disclosure on a DBS check that indicates an individual has a criminal conviction, caution, or intelligence that is considered relevant to their role. This can include offences that are not currently under sentence or have been deemed unspent under the Rehabilitation of Offenders Act 1974. The DBS checks are used by employers to ensure that individuals are suitable for their positions, and the presence of a blemish may require further assessment and consideration before proceeding with an individual taking up an employed or volunteer role.
ThirtyOne:Eight:
a) The Board uses the services of the third-party organisation ThirtyOne:Eight to process DBS checks and obtain certificates from DBS.
b) The Board sends applications for DBS checks to ThirtyOne:Eight, who also advise on the personal data required in order to process the check.
Storage and Access
5. DBS certificates are solely stored electronically on ThirtyOne:Eight’s systems and are not viewable by any persons working for The Board. Upon completion of a DBS certificate, the certificate is sent directly by ThirtyOne:Eight to the individual for whom it was requested in a secure electronic format.
6. When a DBS certificate contains a blemish, members of the diocesan People team will be notified by ThirtyOne:Eight and the Safeguarding team will be notified by the People team. In this case a copy of the DBS will be requested by the Safeguarding team, and it will be stored securely on our safeguarding case management system.
7. An applicant’s personal data is processed by the diocesan People team and ThirtyOne:Eight in order to obtain a DBS certificate. Any information that is given by the applicant is viewable by the People team and Safeguarding team on ThirtyOne:Eight while the application is being processed.
8. Once a DBS check is complete, the People team and Safeguarding team retain indefinite viewing access to all personal details which have been given by the applicant during the application, even if the check has been archived (a check may be archived if it was completed over six months ago).
9. Confidential declaration forms completed by the applicant may be sent by the People team to the recruiting team for their records, where they are stored securely in a cloud-based file facility or kept securely in lockable, non-portable, storage containers with access strictly controlled and limited to those who are entitled to see it as part of their duties.
Handling
10. In accordance with section 124 of the Police Act 1997, certificate information is only passed to those who are authorised to receive it in the course of their duties. We maintain a record of all those to whom certificates or certificate information has been revealed and it is a criminal offence to pass this information to anyone who is not entitled to receive it.
11. To note: organisations which are inspected by the Care Quality Commission (CQC) or Ofsted, and those establishments which are inspected by the Care and Social Services Inspectorate for Wales (CSSIW) may be legally entitled to retain the certificate for the purposes of inspection.
12. In addition, organisations that require retention of certificates in order to demonstrate ‘safer recruitment’ practice for the purpose of safeguarding audits may be legally entitled to retain the certificate. This practice will need to be compliant with the Data Protection Act, Human Rights Act, General Data Protection Regulation (GDPR), and incorporated within the individual organisation’s policy on the correct handling and safekeeping of DBS certificate information.
Usage
13. Certificate information is only used for the specific purpose for which it was requested and for which the applicant’s full consent has been given.
Retention
14. Once a recruitment (or other relevant) decision has been made, we do not keep certificate information for any longer than is necessary. This retention will allow for the consideration and resolution of any disputes or complaints, or be for the purpose of completing safeguarding audits.
15. Throughout this time, the usual conditions regarding the safe storage and strictly controlled access will prevail.
16. If a DBS application is not completed within six months of it being started, it is withdrawn, and all data is cleansed on ThirtyOne:Eight’s systems in accordance with their policies with the exception of the applicant’s name and date of birth.
Retention
17. Once the retention period of six months has lapsed, we will ensure that any DBS certificate information is immediately destroyed by secure means, for example by shredding, pulping or burning. While awaiting destruction, certificate information will not be kept in any insecure receptacle (e.g. waste bin or confidential waste sack). All personal information sent via electronic means will also be deleted.
18. We will not keep any photocopy or other image of the certificate or any copy or representation of the contents of a certificate. However, not withstanding the above, we may keep a record of the date of issue of a certificate, the name of the subject, the type of certificate requested, the position for which the certificate was requested, the unique reference number of the certificates and the details of the recruitment decision taken.
19. For blemished DSB checks, retention will be in line with National safeguarding retention policies.
Acting as an umbrella body
20. Before acting as an umbrella body (an umbrella body being a registered body which countersigns applications and receives certificate information on behalf of other employers or recruiting organisations), we will take all reasonable steps to satisfy ourselves that they will handle, use, store, retain and dispose of certificate information in full compliance with the code of practice and in full accordance with this policy.
21. We will also ensure that any body or individual, at whose request applications for DBS certificates are countersigned, has such a written policy and, if necessary, will provide a model policy for that body or individual to use or adapt for this purpose.
Further information
22. The DBS Code of Practice can be found on the Government website by accessing the following link:
https://www.gov.uk/government/publications/dbs-code-of-practice