Data Protection Policy - References and Recruitment

References given by Swansea University in connection with education, training or employment, appointing office holders, or providing services are exempt from data subject access requests under the Data Protection Act. The University is therefore under no obligation to disclose the data contained in copies of references given by Swansea University staff. However, references received by Swansea University for the same purposes are not exempt from subject access requests. This has the following implications, which should be taken into consideration by staff who are asked to provide references:

  • References received by Swansea University from other individuals or organisations may have to be disclosed in response to subject access requests directed at Swansea University.
  • References from Swansea University to other organisations may have to be disclosed by those organisations in response to subject access requests.

A reference will also contain personal data about the referee, such as the referee's name and address, and possibly confidential information about the referee or third parties. The information contained in a confidential reference need not be released if it would identify the referee, unless one of the following conditions can be satisfied:

  • The referee's identity can be protected by anonymising the information.
  • The referee has consented to the release of the data.
  • It is reasonable in all circumstances to release the information without the referee's consent.

Guidance has been issued by the Information Commissioner on handling subject access requests for references, which emphasises that such requests should be dealt with on a case by case basis. All requests from data subjects for access to references should be referred to the Information Compliance Officer (FOI/DP).

Given the possibility that a reference may be disclosed as a result of a Data Protection Act request, referees should avoid making statements in references which cannot be supported by factual evidence.

University staff involved in recruitment and selection should be aware that information in documents such as interviewers' notes could potentially be disclosed to data subjects in response to access requests. Staff should therefore ensure that any feedback which is provided to candidates after interview is consistent with and can be supported by the documentation relating to the recruitment and selection process.