Construction industry: privacy compliance when vetting subcontractors
Checking a subcontractor's company status, director history, and financial standing involves third-party data. Here is how to handle the privacy obligations.
Construction companies routinely vet subcontractors before engaging them on projects. This vetting typically involves Companies Office searches, credit checks, and sometimes vehicle or asset searches (for plant and equipment). Each of these involves collecting personal information about the subcontractor's directors and owners from third-party sources.
The vetting process
A typical subcontractor vet might include:
- Companies Office search — director names, shareholding, compliance status
- Credit check — financial standing of the company and sometimes personal credit of directors
- PPSR search — checking for security interests over plant and equipment
- Health and safety records — third-party H&S databases
IPP3A for company directors
When you search a company and obtain personal information about its directors, IPP3A applies to the directors as individuals. The fact that they hold a public office (company director) does not remove their privacy rights.
Practical approach
- When engaging a new subcontractor, inform their directors that you will be running background checks.
- Get written consent as part of your subcontractor onboarding paperwork.
- Record the consent pathway in DEIS for each lookup.
- If you check directors' personal credit (not just the company's), ensure the consent specifically covers personal credit checks.
DEIS for construction
DEIS allows you to group lookups by subcontractor/matter, making it easy to see all checks run on a particular subcontractor and their directors. The evidence trail links the consent form to each individual lookup.
DEIS now integrates with Equifax NZ for compliant credit reporting