On your guard
Elizabeth Cooper and Christopher Perrin examine recent developments in relation to the safeguarding of vulnerable groups and assess their impact on the public sector.
Working with children and vulnerable adults is highly regulated. This includes, for good reason, vetting anyone who applies for a job working with either of these groups (the "Vulnerable Groups"). However, the Safeguarding Vulnerable Groups Act 2006 (the "Act") goes much further than merely vetting those whose jobs involve working with Vulnerable Groups. Although the Act is only partially in force at present, the remaining provisions could be implemented at various stages over the coming years, at a considerable cost to the public sector, their ICT service providers and other data processors.
The Act was created (and subsequently passed) as a result of the Bichard Inquiry (the "Inquiry"), which was instigated in the wake of the Soham murders in 2002 (when schoolgirls Jessica Chapman and Holly Wells were murdered by Ian Huntley, the caretaker of the school which they attended). The Inquiry questioned, amongst other things, the way in which people are recruited by employers to work with Vulnerable Groups. In particular, it criticised the way in which background checks are carried out in advance of the commencement of relevant employment.
The Inquiry produced a report (www.bichardinquiry.ork.uk/10663/report.pdf) in June 2004 which, at recommendation 19, highlighted the need for a single agency to vet all individuals who want to work with Vulnerable Groups and to bar unsuitable people from doing so. Hence, the Act was soon born and the Independent Safeguard Authority ("ISA") was set up to fulfil this role across England, Wales and Northern Ireland. This function has become commonly known as the vetting and barring scheme ("VBS").
The ISA and CRB checks
Prior to 30 January 2009, the Secretary of State was responsible for administering three statutory lists, detailing the names of individuals who were considered unsuitable to work with Vulnerable Groups, namely
1. POCA list (held pursuant to section 1 of the Protection of Children Act 1999);
2. List 99 (in relation to the education sector and held pursuant to section 142 of the Education Act 2002); and
3. POVA list (protection of vulnerable adults and held pursuant to section 81 of the Care Standards Act 2000).
The ISA took over responsibility for these lists on 30 January 2009. Thereafter, on 12 October 2009, the POCA and POVA lists were replaced by the ISA Children's barred list and the ISA Vulnerable Adults barred list.
Also on 12 October 2009, it became a requirement for employers to carry out an enhanced Criminal Records Bureau ("CRB") check on new recruits seeking to work with Vulnerable Groups. Prior to this date, those persons who would not have direct contact with Vulnerable Groups would only have to undergo a standard (less stringent) CRB check. Hence, as the law stands, the ISA scheme is clearly not intended to replace the system of carrying out CRB checks. This is perhaps due to the differences between ISA and CRB checks. Whilst an ISA check will simply reveal whether a certain individual is barred from working with Vulnerable Groups, a CRB check will capture wider information about that person's criminal record history. This is significant when one considers that a barred person may not always have committed a criminal offence and that a person who has a criminal history may not necessarily be barred. Even so, as a result of a recommendation made by the Chair of the ISA on 14 December 2009, the Government plans to review the statutory requirements for CRB disclosures in the case of those persons who work with Vulnerable Groups that have already registered with the ISA.
In addition to the above, on 12 October 2009, it became an offence for employers, personnel suppliers, regulated activity providers and individual workers to permit a barred person to engage in regulated activity. An activity is regulated if it falls within the list of activities prescribed within the Act or if it is carried out at prescribed establishments and gives persons the opportunity to have contact with children or vulnerable adults. Some examples of prescribed activities are teaching, training, instruction, supervision and advice. Some examples of prescribed establishments are schools, children's homes, childcare premises and care homes.
And, if certain bodies, including regulated activity providers, have reason to believe that an individual has harmed or is a risk to Vulnerable Groups, those bodies are now legally obliged to refer any relevant information to the ISA. If they do not, they run the risk of being fined or (in the case of offending individuals) imprisonment.
Importantly, from November 2010, the Act states that anyone who wishes to work in regulated activity with Vulnerable Groups must register with the ISA. However, in June 2010, the coalition government announced an immediate halt to the registration system. This was an acknowledgement by the new government that the planned registration scheme is severely flawed.
Following a consultation and review of the Act, in February 2011 the Protection of Freedoms Bill was introduced to Parliament ("the Bill"). In short, the Bill aims to scale back the existing legislation protecting Vulnerable Groups to "common sense levels".
At the time of writing, the Bill is awaiting a date for the Report Stage in the House of Commons. Hence, it still has a long way to go until it becomes law. Until then, readers should be aware of the provisions of the Act that remain in force as well as those which could come into force if the Bill fails to complete its journey successfully through Parliament.
Of particular note, the following parts of the Act will remain in force:
- the ISA will continue to maintain a Children's barred list and a Vulnerable Adults barred list;
- the duty of referral will continue to apply; and
- it is still a criminal offence to employ barred individuals.
Regulated activity providers
Rather unhelpfully, the ISA has issued very little guidance about what is meant by "regulated activity provider" ("RAP"). Hence, scrutiny of the Act is required. The Act states that for someone to be a RAP, three conditions must be met:
1. They must be responsible for the management or control of the regulated activity
2. Exercise of that responsibility must not be subject to supervision or direction by any other person for those purposes; and
3. They must make (or authorise the making of) arrangements for another person to engage in that activity, whether in connection with a contract of service or services or otherwise.
In view of the above, it is clear that an employer or a third party organisation (i.e. where a service has been outsourced) could be a RAP. However, where e.g. a local authority outsources a regulated activity, it is unclear which entity is the RAP (i.e. the local authority, the service provider or both). It certainly appears possible to construe the above conditions in a way which makes both the local authority and the service provider RAPs. Hence, it is advisable for a local authority outsourcing regulated activity to ensure that it manages the risk of being deemed a RAP itself. It is likely that this can be achieved with appropriate and effective drafting.
Controlled activity
Whilst the need for most of the above safeguards is (arguably) quite clear, the same cannot be said for all of the other provisions in the Act. Most controversially, from 1 January 2014, the Act states that all individuals seeking to work in controlled activity will also have to register with the ISA. Further, it states that from 31 July 2015 every person working in a controlled activity (i.e. including current workers) must be registered with the ISA. (Except barred people who cannot register but who can perform controlled activities if sufficient safeguards are put in place.)
By registering, the employee or worker essentially acknowledges and agrees that their suitability to work with children or vulnerable adults will be continually monitored. Whilst Vulnerable Groups must be protected, there is also a balance to be struck between what is practical, reasonable and proportionate.
Controlled activities are activities other than regulated activities which are carried out frequently, intensively or overnight and which give the worker the opportunity to have any form of contact with Vulnerable Groups or have access to their records. This is clearly very far reaching so, for example, a data centre worker (regardless of who the worker's employer happens to be) with access to children's records may be held to be carrying out a controlled activity.
Hence, given the nature of a data centre and the ability of a data centre worker to have access to records, the frequency and access limbs will apply in many cases and, therefore, affected data centre workers will be undertaking controlled activities.
Like the above registration programme for individuals working in regulated activities, the timetable for controlled activities is similarly flawed and is currently under review by the Government. As a result, the timetable prescribed by the Act is unlikely to reappear.
Prior to the government's consultation and review of the Act, it was argued, amongst other things, that the concept of "controlled activity" is unnecessary and goes a step too far, placing an excessive burden on public sector employers and potentially deterring persons from volunteering in the public sector.
Protection of Freedoms Bill
Importantly, if the Bill is subsequently enacted, the government intends to abandon the concept of "controlled activity" which is burdensome, confusing and unnecessary. This would mean, amongst other things, that staff working in data centres that have the technical ability to access information relating to Vulnerable Groups will not be regulated. ICT service providers, their public sector customers and other data processors will no doubt be letting out a sigh of relief at this prospect. However, only time will tell whether this concept is in fact banished altogether.
Some other changes recommended by the Bill are:
- The CRB and ISA should be merged and a single Non-Departmental Public Body or Agency created to provide a barring and criminal records disclosure service.
- The new barring regime should cover only those who may have regular or close contact with Vulnerable Groups.
- Registration should be scrapped – there should be no requirement for people to register with the scheme and there will be no ongoing monitoring.
Until the Bill becomes law, there is clearly a risk (however small) that the proposals for regulated and controlled activities may remain unchanged. Even if not, local authorities need to be acutely aware of any changes to the timetables and concepts introduced by the Act and, where outsourcing regulated activities, should fully review their contracts with service providers to ensure that appropriate and effective drafting limits the risk of a breach of the Act or any relevant provisions subsequently enacted.
Elizabeth Cooper is a partner and Christopher Perrin is an associate at Nabarro. Elizabeth can be contacted on 0114 279 4029 or at This email address is being protected from spambots. You need JavaScript enabled to view it..