The vast majority of recruitment these days appears to be conducted via recruitment agencies, which in effect provides a legal wall of protection for those who use them.
So how would the recruitment agencies gain information on blacklisted workers?
If you study my posts on Michael Shakespeare's application to work for Haden Young (Balfour Beatty Engineering Services) back in 2005, you'll see the Consulting Association (CA) checking procedure in the business.
However, information had to be fed back to the agencies in the instances where a certain worker was rejected following a CA check, either prior to engagement or when a worker had already commenced work on site and then had to be removed following a CA check. The CA member companies had to notify the respective agency of such.
It would therefore not take long for the agencies to see a pattern of rejections from the member companies on certain blacklisted workers, which could provide the source for their own lists.
This contention is supported by this statement from an ex employee of NRL from 2010, who explains the process the consultants in the business had to follow and the information held on three blacklisted workers, Steve Acheson, Graham Bowker and Tony Jones.
On a technical point, the phasing out of a system does not mean a phasing out of the data. It just means that the software to access the data was being updated.