Using disclosure information

If you’re handling disclosure information, you must do this responsibly and lawfully. You should not keep information for longer than you need to. It should only be used for the purpose you got it.

For example, if a disclosure was used for recruitment for a particular job, then it should only be used for the recruitment decision. It should not be used or kept for another purpose.

You should explain how your organisation processes disclosure information in your internal policies. This should include your retention, storage and secure destruction practices.

Storing and disposing information

You’re responsible for disclosure information provided to you. You must ensure that unauthorised viewing, copying, transmission, storage, printing or fraudulent manipulation of disclosure information does not take place.

If a paper copy of disclosure information must be stored, for example until a recruitment process is concluded, this should be stored securely. For example, in a lockable and non-portable storage unit.

You must not keep a photocopy or other image of the disclosure information. This should be deleted.

Information policies 

Registered bodies must comply with the UK General Data Protection Regulations and the Data Protection Act 2018. You should also have a privacy policy on the handling of disclosure information. 

Umbrella bodies must also take steps to ensure that third-party organisations, for whom they countersign or make disclosure applications, have relevant policies in place. 

More information about privacy is on the Information Commissioner Office’s website.