The Information Commissioner’s Office has ruled that the Disclosure and Barring Service breached the Data Protection Act by continuing to collect information about low-level convictions, after a charity reported concerns to the data regulator.

A change to the Rehabilitation of Offenders Act, which came into force in May 2013, stipulated that people no longer needed to include minor and historic offences on their disclosure and barring service application form.  But the application form continued to include the question: "Have you ever been convicted of a criminal offence or received a caution, reprimand or warning?"

Unlock, a charity that provides advice services for people with criminal convictions, noticed that it was receiving high number of calls about the problem, and provided the ICO with two case studies of people who had missed out on employment because they had unwittingly included information they were no longer required to on the disclosure and barring form.

Stephen Eckersley, ICO head of enforcement, said: “The Rehabilitation of Offenders Act is fundamental to the work carried out by the Disclosure and Barring Service. The fact that the service failed to keep their application form up-to-date with changes to the law is not only a source of embarrassment, but has also resulted in the sensitive personal data of two individuals being disclosed unnecessarily.”

The Disclosure and Barring Service has now updated its form and signed an undertaking with the ICO, committing to improve the way it looks after people’s information.