True, but that's different to what you said. Lots of mid and high earners also have debt problems that put them at risk to this sort of coercion. And undoubtedly a few greedy ****ers who aren't at risk but can't help themselves either (but that's just Moneing now)

Might not be what I said, but it's not an unreasonable conclusion to draw from the situation.if you've got debt, we might consider you a security risk. The point I'm trying to make is that debt is more likely a daily condition for many, particularly low earners, compared to previous generations.

Posted by: tjagain

↑

Posted by: poly

↑

unions have significantly less clout in most private sector organisations than they did in your world, if they exist at all. 

 

Not true.  they only have less clout if not enough folk join them  My comment was a bit of a joke anyway

good to see the Edinburgh defence has not worn off after your antipodean travels 😉

Posted by: poly

↑

perhaps but if this is the only or a major piece of the work at that site, the consequences of being the employee who won’t comply are not difficult to foresee.

Unfair dismissal?    🙂

I don’t think it necessarily would be unfair dismissal.  If the only work you now have requires a level of check, then an unchecked employee (who can’t or won’t get checked) is redundant.  I’m guessing when disclosure (PVG/DBS) requirements were introduced for some jobs, there must have been people who couldn’t or wouldn’t comply.  Presumably they aren’t being paid to sit and do nothing?  I’m not sure why “CRB is ok” and not contractually unreasonable but “credit check” is - I suspect what you actually mean is, “CRB check was so normal in my industry/sector but credit check was not”.

I guess as a business trying to vet risk from someone accepting bribes then a credit check is one of the only things they can do so probably reasonable on that basis (but they should have explained why they are making that request of you). I'm cleared via national vetting so have to disclose a whole load of financial (and other) things and they have access to my bank account etc., even for that though it's clearly documented why they are requesting such information

Posted by: poly

↑

I don’t think it necessarily would be unfair dismissal.

Change to you terms and conditions that you cannot comply with leading to dismissal - I'd love to fight the case 🙂

I very clearly said it might be reasonable or it might not - we do not have enough info to know

Posted by: theotherjonv

↑

And undoubtedly a few greedy ****ers who aren't at risk but can't help themselves either (but that's just Moneing now)

It's funny how this kind of thing would be completely illegal to even ask for in many countries (countries with much stronger labour protection laws and union membership) and yet these countries still manage to have printers that print all kinds of sensitive information.

I would say that if there is sensitive information then a company should be appointing a responsible person to ensure the security of that information throughout the process.  For that kind of job a credit check would be entirely appropriate (although of course the company itself would have to adhere to numerous regulations in order to ask that person to submit to a credit check).

Just doing a blanket credit check of everyone sounds like ticking a box in order to say an item in the Risk Identification Matrix is 'mitigated' rather than actual paying someone to put in place and enforce proper procedures.

I really couldn't work in the UK again.

We are printers, so potentially there could be sensitive information go through.

Almost certainly this. All sorts of rules about leaked data on financial reports and so on. 

I mean, if you were publishing (for instance) Teslas quarterly report a week or so before it's released, you're in a good place to (illegally) make some accurate stock market transactions. It'll probably be a blanket rule for anyone who handles the complete data set.

And if you're 50 grand in credit card debt, and might not be able to pay your mortgage next month. You're a risk. mainly in the sense of selling a copy of the report.

Posted by: tjagain

↑

Posted by: poly

↑

I don’t think it necessarily would be unfair dismissal.

Change to you terms and conditions that you cannot comply with leading to dismissal - I'd love to fight the case 🙂

 

I very clearly said it might be reasonable or it might not - we do not have enough info to know

obviously depends how they do it - but it would be quite feasible to make redundant employees who don’t comply if the business is focussing on confidential printing services.  We don’t know the details of what is being printed - it might be the posters for the staff canteen, very difficult to argue needs enhanced checks; it might be the annual report where prior sight could be insider trading; or it could be bank statements or even PIN numbers which require the most control.   If I was in procurement at the bank I might ask all my printers to be able to handle sensitive info because then when I do need something done I don’t need to worry if this was the approved one of not.  If I was the print manager I might then want all my staff to be checked because then when an order comes in I don’t need to worry about who is qualified to handle it.    

it is entirely possible the employer has screwed up comms, but it’s also possible the employee has had plenty of comms but only paid attention to parts of it.

Posted by: BruceWee

↑

I really couldn't work in the UK again.

Because of your credit rating?  I wouldn’t worry there’s plenty of jobs outside of financial services that don’t ask. 😉

Its also possible its not needed at all.  That its someone being over zealous.  Or it might be totally reasonable.

If I was the print manager I might then want all my staff to be checked because then when an order comes in I don’t need to worry about who is qualified to handle it.

The business would need to show that its necessary for all employees to have this for it not to be an unfair dismissal.  Convenience would not be enough

Pretty standard request TBH in the FS industry, and you may think you're just a "factory worker" but if you're involved in the printing of financial documents you're now in the FS industry.

It's threads like these that make me realise how deep state conspiracy theories build! 🙄 

Most likely outcome is employer requires new checks in order to comply with new customer contract terms they have signed up to (something which can be confirmed by OP asking his HR team).  OP has nothing to worry about (assuming no undisclosed 'history') and (most likely, have checked with background check companies) soft credit check, details of pass/fail held on record for the duration of the validity of the check, further details not disclosed under GDPR, life goes on.

Business requirements change, businesses have to be agile to survive, sometimes employees have to embrace the change as well (it's not always about being an excuse to fire people or make their lives harder)!

I've been printing financial work all my working life, and I'm old...well old. This is the first time I've been asked for official checks though. I've had Saudi heavies watching me like a hawk while I've run oil company report and accounts and stuff like that in the past.

Anyway I've fallen in line, mainly after speaking to a number of friends in financial services who've all had to do same . 

Posted by: poly

↑

Because of your credit rating?  I wouldn’t worry there’s plenty of jobs outside of financial services that don’t ask. 😉

No, I think because of the detachment of the average British manager from reality which is allowed to continue because it's just accepted when it really shouldn't be.

For example, a company finds that many of it's clients are demanding a level of security they haven't had to adhere to before.  In countries with sensible (and crucially, enforced) labour laws that company would realise they need to either appoint or hire someone to be the security responsible, ensuring the company understands the regulations it is being asked to adhere to.  That person would also be responsible for ensuring the processes are in place to secure sensitive information throughout the workflow.

If it became clear some or all the workforce required additional checks to comply with certain regulations, that responsible person's job would be to communicate this to the relevant members of the workforce and explain the consequences to the company if these checks couldn't be performed.  New contracts would be drawn up allowing for the newly required checks and employees could choose to sign or not.

This smacks more of, 'Punter says everyone needs a credit check.  Tell the drones they need to do it.  What the **** are they going to do about it, say no?"

New regulations are coming into force in all kind of industries all the time.  Communicating that effectively to your workforce is the bare minimum.

This sounds like an invasion of privacy (and as others have pointed out, there's a greater than zero chance any factory worker is going to have bad credit, then what?) for absolutely no benefit, other than so someone can tick a box and an item on a Risk Identification Matrix can be marked as 'mitigated' whereas in the real world there has been absolutely no change to the risk.

If the OP is genuinely handling sensitive information then he should be well aware of the processes around protecting that data.  And the entirety of the process around protecting the data shouldn't be that he has had a background and credit check.

Like I said, this would be illegal in many countries and yet printers still manage to print stuff for financial institutions.  And probably with better actual data security.

1. Criminal Record Checks in the UK

Legal Basis:

• Under the Rehabilitation of Offenders Act 1974, individuals are not required to disclose spent convictions (with exceptions).

• Disclosure and Barring Service (DBS) checks (which replaced CRB checks) can be requested for certain roles depending on the level of check:

  • Basic: Shows unspent convictions.

  • Standard/Enhanced: Requires legal eligibility (e.g., for financial roles with high trust, vulnerable groups).

Governance Consideration:

• Acceptable if proportionate and relevant to the role (e.g., handling sensitive financial data).

• Should follow fair processing under UK GDPR (clear purpose, necessity, and lawful basis—usually "legitimate interests" or "legal obligation").

2. Credit Checks on Employees

Legal and Ethical Concerns:

• UK Employment Law does not generally allow employers to require credit checks unless the role directly relates to financial management, risk, or regulation (e.g., in banking or financial services).

• Performing a credit check requires:

  • Employee informed consent.

  • A lawful basis under UK GDPR, such as “legitimate interests” or compliance with a “legal obligation”.

  • The check must be proportionate and relevant to the job role.

GDPR & Privacy Issues:

• A credit check involves sensitive personal financial data.

• You must conduct a Data Protection Impact Assessment (DPIA) if the processing is likely to result in high risk to the individuals' rights (which it likely does).

• You must inform employees of:

  • The purpose of the check.

  • Legal basis.

  • Potential consequences.

  • Who the information is shared with (e.g., the US firm).

3. Cross-Border Transfer of Employee Data

• If the US firm is expecting access to UK employee data (e.g., credit history), that constitutes a data transfer to a third country.

• Under UK GDPR, this requires:

  • Adequacy decision (the US does not currently benefit from one—though there are frameworks like the UK Extension to the EU-U.S. Data Privacy Framework).

  • Alternatively, Standard Contractual Clauses (SCCs) and Transfer Risk Assessments (TRAs) must be in place.

• Employee consent alone is not sufficient for these transfers.

4. Governance and Best Practice

Proportionality & Necessity:

• The principle of data minimisation under UK GDPR implies that only data necessary for the stated purpose should be processed.

• Credit checks on printing staff may be seen as disproportionate unless there's a clear financial risk rationale.

Employee Relations:

• Such requirements can undermine trust and fairness.

• You must also consider Employment Tribunal risks if employees feel coerced or discriminated against.

5. Recommendations

1. Push back on credit checks: Request the US firm to clarify the risk basis justifying them. If your staff are not managing funds, it may be unreasonable.

2. Offer alternative assurances: Suggest strengthening internal security, NDAs, background references, or limited scope DBS as alternatives.

3. Review internal policies: Ensure your own employment contracts and policies permit such checks (if you decide to comply).

4. Consult with your DPO or legal counsel: Ensure DPIAs and lawful basis documents are prepared if proceeding.

5. Negotiate contractual safeguards: Include clauses in your US agreement limiting personal data access and enforcing compliance with UK data protection laws.

The points above really centre around GDPR for you, but i would not be permitting this request under my watch and look for different assurances.  The (ultimate) owners of my company have incredibly strict rules around the use pf personal data.  It is un-reasonable to assume all would be ok, it can be asked, but not enforced unless you agree to changes in your contract.

What is that cut and pasted from?

ChatGPT - it's quite an invaluable tool for pulling things together but does always need checking.  The principles in the above are true to the governance courses I’ve had to do as a UK director, including the frankly excessive work around GDPR. Don't be afraid of using AI to get a grasp of your topic/situation etc - you can feed them with various case studies, files etc for analysis and interpretation and keep adding in scenarios and other data or arguments to challenge the original output -pretty much anything to get it to re-asses an answer for you.  The more you understand how to use it, the better the output.

however - DONT PUT ANYTHING SENSITIVE IN i.e. proprietry data, names etc, we are working with our owners on further AI integration but it needs to be non-open source in order to protect IP.

Posted by: theotherjonv

↑

Rather than tell them it's none of their business and go **** themselves, a simple 'can I ask why you need it

I kinda hoped that it would be obvious I was paraphrasing for comic effect.

Posted by: Sui

↑

ChatGPT - it's quite an invaluable tool for pulling things together but does always need checking.

As far as I can tell - I've worked in and adjacent to GRC - that is largely correct.  I've no idea about US affairs though, it's not something that's ever been relevant for me.

UK GDPR states that any holding or processing of data has to be justified.  I'd completely forgotten about the DPIA and that's a great point - it's there not just to protect the subject but to protect the business, it's a document to demonstrate legal compliance. 

I wrote about "legitimate interests" back when Meta pulled a similar stunt.

"I’m not sure why “CRB is ok” and not contractually unreasonable but “credit check” is - I suspect what you actually mean is, “CRB check was so normal in my industry/sector but credit check was not”."

CRB check surely provides evidence that an individual is capable of criminal behaviour. Credit Check provides evidence that an individual has a particular level of financial risk. If you're trying to predict future criminal behaviour, I'd say the first carries more weight than the second.

Posted by: RichPenny

↑

CRB check surely provides evidence that an individual is capable of criminal behaviour.

1) CRB doesn't exist, it was replaced with DBS as Sui explained.

2) It doesn't evidence that you're capable of criminal behaviour, it evidences that you don't have any unspent criminal convictions.  I hold an Enhanced DBS certificate (because my partner works with children), but that doesn't prevent me from deciding to commit tax fraud or murder tomorrow.

Posted by: RichPenny

↑

Credit Check provides evidence that an individual has a particular level of financial risk.

My mum had a terrible credit rating.  Reason being, she'd never borrowed anything since "TV rentals" was a thing.  If she couldn't afford to pay for something outright then she went without.  When she died, her savings paid off what was left on my mortgage.  Financial risk?  I'm more of a financial risk than she ever was, I'm unemployed and kinda broke but my credit rating is "excellent."

A credit rating reflects how good you are at paying off debts regularly, not how much debt you are in.  Perversely, paying off my mortgage probably worsened my credit rating.  Creditors want you to have debt because that's how they make their money.  I got really lucky with timing when I took out the mortgage as the interest rate was very low - something like 1.8% IIRC - yet the interest was still almost half of what I was paying out each month.

How any of this has bearing on someone running a printer, I do not know.  There are better security checks to be had if integrity is a concern.

Running a credit check on an employee is not illegal as long as it is done with consent and with a reason. With consent, all kinds of checks can be run, people will lose their minds over what is checked (with consent!) if you want to work in properly secure areas. On you and third parties associated with you in some cases!

https://www.gov.uk/government/publications/united-kingdom-security-vetting-clearance-levels

Brucewee is going to have to explain which countries have laws against "this kind of thing" because all countries as far as I know have  security vetting procedures for jobs that have national security implications, the outliers will be ones where they DON'T need consent and just run checks whether you agree or not.

Now, you can argue whether a credit check / security checking is really needed for some roles, this included, but assuming the reason is legit in the end it's an employee's choice, they can refuse and as a result find employment options limited. It's no different really to saying I want to be a child minder but I don't consent to doing any DBS checking. See how that goes.

Likewise you can argue that a credit check is flawed, as Cougar says you can have a bad rating for many reasons, but what is being checked is not the semi-arbitrary numbers of 'Credit Rating' but whether you have eg: debt issues that can be an indicator of eg: being at higher risk of being offered a bribe. I've phrased that carefully - not to whether you'd take it or not, just whether at risk of being offered. A credit check can't say anything about integrity. 

Final decisions can then be made based on the whole suite of information. 

I don’t think it necessarily would be unfair dismissal.

Change to you terms and conditions that you cannot comply with leading to dismissal - I'd love to fight the case

What does 'cannot comply with' mean in this sense? The question is 'because of certain types of work we now want you to undertake, we need you to consent to some additional security checking'  It's as simple as agreeing / signing a piece of paper, everyone can do that. What you're talking about is CHOOSING not to, either out of tinfoil-hatted conspiracy theories, belligerence, or because you know that the results are going to bar you anyway. For sure, requiring a check without a valid reason might be a case to answer.

Some folks need to live in the real world a bit more.

I did work for a printer (20+ years) who did print the security strips for banknotes.

No CRB, no credit checks. 

Better days, eh?

Posted by: theotherjonv

↑

For sure, requiring a check without a valid reason might be a case to answer.

Which is the critical point as made by me and others.  Sometimes employers want excessive checks with no need.  checks should be the minimum needed not the maximum possible

My current job (until tomorrow when I retire) is assuring suppliers against technology-based controls that they're contracted to implement and maintain (to be a supplier to a Bank).

These "controls" include checks such as the OP has raised and many, many more plus obviously training & compliance.

While most reviews are now done remotely, where a supplier will be 'manually' handling customer data I also spend a day or so onsite checking out the physical controls etc.

I appreciate that many folk on the forum have no experience of these kind of 'issues', but just because they've never heard of them doesn't make them wrong nor OTT, it's just the modern world - and as I heard yesterday, no doubt against some folks Rule 3 🙂

Thank you Douglas Adams:

“I've come up with a set of rules that describe our reactions to technologies:
1. Anything that is in the world when you’re born is normal and ordinary and is just a natural part of the way the world works.
2. Anything that's invented between when you’re fifteen and thirty-five is new and exciting and revolutionary and you can probably get a career in it.
3. Anything invented after you're thirty-five is against the natural order of things.”

Any form of security vetting is not really about identifying past criminality. 
It’s about exposing potential future reasons for a third party to coerce you into doing something against your will. 
They want to know what levers you might have that could be pulled. 
They generally don’t care particularly about what you may have done in the past but they very much do care if you’re prepared to lie about or conceal it.

Nigel Havers to play CFH in the movie.

There os no danger Nigel would put those shoes on for any role.

Sorry if I missed it amid this thrilling debate, but did the OP actually give the employer's stated reason for needing this in the end?

Posted by: theotherjonv

↑

It's no different really to saying I want to be a child minder but I don't consent to doing any DBS checking. See how that goes.

That's precisely why I have it.  My other half is a WFH childminder, I was WFH at the time also so needed to have the Enhanced DBS because I was regularly in the house.  It's a bit of a chore to complete but it's innocuous enough.

I wouldn't like people in my own organisation to know my financial position. And I would not be happy with another load of random people who I know precisely nothing about knowing either.

Just how many prying eyes at each end of the information chain have access to your personal financial position?

Are you going to get to see their bank statements ? I didn't think so 

Who is going to be the custodian of this information?

How long is this information going to be kept on record?

How secure is the information as it's not in the receiptiants business to ensure random members of staff from a third party supplier doesn't get hacked.

I wouldn't like people in my own organisation to know my financial position. And I would not be happy with another load of random people who I know precisely nothing about knowing either.

Then don't give consent. It might limit the roles / employment you can do but that's a free choice.

Posted by: chakaping

↑

Sorry if I missed it amid this thrilling debate, but did the OP actually give the employer's stated reason for needing this in the end?

Sorry, off shift now so trying not to think about the whole work thing.

Long of the short is; client wanted checks, employer wants clients work, I want job (can't believe I wrote that), I do as I'm told.

HR see it as a massive PITA as client wanted the whole company checked. Think a few of us were selected as an offering. I could refuse but as I wrote the other day seems fairly commonplace in anything financial. Still seems a bit Minority Report to me but I've nothing to hide, bar a list of CCJs as long as your arm 😉

Speaking from bitter experience many times over, 

Your employer might well want their business but some clients are more trouble than they're worth and some companies are incapable of saying no (especially in Sales).  "The customer expects [this]..." Well, they can't have it, off you pop and go manage their expectations.

I have cast iron certainty that if they're pulling this sort of shit as part of the bid process then they're going to be a complete pain in the bollocks for years to come before costing you a fortune over an early contract termination to get shut of them.

Posted by: theotherjonv

↑

Brucewee is going to have to explain which countries have laws against "this kind of thing" because all countries as far as I know have  security vetting procedures for jobs that have national security implications, the outliers will be ones where they DON'T need consent and just run checks whether you agree or not.

Talking about Norway, for one.  From what's been posted it sounds like the rules in the UK and Norway are actually pretty similar.  If you want to be CFO then a credit check might well be expected.  If you work on a factory floor, no way.  Any attempt to do so would have the unions rubbing their hands with glee that a company had tried to do anything so stupid.

I'm not sure what's worse,  When I thought it was legal in the UK or the fact that it is also illegal in the UK but employers don't have to care.

Thats not true for Norway Bruce.  I had one run as a part of my job ( in Norway)

Seeing as we like AI

etc.

It's a bit difficult to say if it's true or not from your statement.  If you were loading boxes in a warehouse then yes, it was almost certainly illegal.  If you were working for the Sovereign Wealth Fund then it would be expected.

Posted by: theotherjonv

↑

Credit checks are generally permissible for high-ranking positions with significant financial responsibility.For example, a role involving managing large sums of money or having access to sensitive financial data might justify a credit check.

Yes.  Therefore, not someone working as a printer.

Printers can have access to sensitive financial data. iirc there was an insider trading job done by the FSA where the printers doing prospectus for sales etc etc were getting early access to market sensitive data and dealing on the back of this.

Not just 'a printer' though.

A printer working for a firm that has the contract to print documentation for a financial institution. Documentation that could be sensitive (eg: example previous, the annual report will be printed in advance of the info being publicly available, but could be very useful for an investor to know before the markets do)

It doesn't matter.  If the OP regularly has access to sensitive financial information then he should be well aware of the company's processes regarding this.  Having a credit check should come as no surprise because it should be clearly laid out as part of the training he received in order to conform to the company's rules and UK law.

Perhaps the OP has had this training and just didn't mention it.

Or this is an overreach by a company trying to please a client that is used to not having to follow things like GDPR laws and Data Protection Impact Assessments.

The fact they want to do checks on the entire company raises red flags to me.  This sort of stuff should be the minimum needed.  I'd love to see the justification for this

I think Bruces point is that better workers rights in other countries means that employers realise what their obligations are and don't try to ignore them

I work in Financial Services and almost always have to agree to have a credit and background check carried out by a vetting company when onboarding to a client. I can of course refuse the credit check that means I won’t onboard with client and basically I’d be unemployed as I’d miss my billing requirements. 

Not sure on the need for drama here as we do credit checks every time you change electricity or mobile phone suppliers. OP can obviously say no but they won’t be able to work with that particular client.