|
|
 |
| The Employment practices data protection code: part 3: monitoring at work) |
List of UK acts |
|
 |
|
| |
Crown Copyright Acknowledged
Part 3: Monitoring At Work
Section 1: About The Code | | This Code is intended to help employers comply with the Data Protection Act and to encourage them to adopt good practice. The Code aims to strike a balance between the legitimate expectations of workers that personal information about them will be handled properly and the legitimate interests of employers in deciding how best, within the law, to run their own businesses. It does not impose new legal obligations.
|
| | The Employment Practices Data Protection Code deals with the impact of data protection laws on the employment relationship. It covers such issues as the obtaining of information about workers, the retention of records, access to records and disclosure of them. Not every aspect of the Code will be relevant to every organisation - this will vary according to size and the nature of its business. Some of the issues addressed may arise only rarely - particularly for small businesses. Here the Code is intended to serve as a reference document to be called on when necessary.
This part of the Code recommends how your organisation can meet the requirements of the Data Protection Act through the adoption of good practice where you wish to monitor the activities of your workers.
|
Benefits of the Employment Practices Code: |
| | Following the Code will:
increase trust in the workplace - there will be transparency about information held on individuals, thus helping to create an open atmospherewhere workers have trust and confidence in employment practices.
encourage good housekeeping - following the Code encourages organisations to dispose of out-of-date information, freeing up both physical and computerised filing systems and making valuable information easier to find.
protect organisations from legal action – adhering to the Code will help employers to protect themselves from challenges against their data protection practices.
encourage workers to treat customers’ personal data with respect -following the Code will create a general level of awareness of personal data issues, helping to ensure that information about customers is treated properly.
help organisations to meet other legal requirements - the Code is intended to be consistent with other legislation such as the Human Rights Act 1998 and the Regulation of Investigatory Powers Act 2000 (RIPA).
assist global businesses to adopt policies and practices which are consistent with similar legislation in other countries - the Code is produced in the light of EC Directive 95/46/EC and ought to be in line with data protection law in other European Union member states.
help to prevent the illicit use of information by workers - informing them of the principles of data protection, and the consequences of not complying with the Act, should discourage them from misusing information held bythe organisation
|
What is the legal status of the Code? | | The Code has been issued by the Information Commissioner under section 51 of the Data Protection Act. This requires him to promote the following of good practice, including compliance with the Act’s requirements, by data controllers and empowers him, after consultation, to prepare Codes of Practice giving guidance on good practice.
The basic legal requirement on each employer is to comply with the Act itself. The Code is designed to help. It sets out the Information Commissioner’s recommendations as to how the legal requirements of the Act can be met. Employers may have alternative ways of meeting these requirements but if they do nothing they risk breaking the law.
Any enforcement action would be based on a failure to meet the requirements of the Act itself. However, relevant parts of the Code are likely to be cited by the Commissioner in connection with any enforcement action that arises in relation to the processing of personal information in the employment context.
|
Top
Who does data protection cover in the workplace? |
| | The Code is concerned with information that employers might collect and keep on any individual who might wish to work, work, or have worked for them. In the Code the term ‘worker’ includes:
- applicants (successful and unsuccessful)
- former applicants (successful and unsuccessful)
- employees (current and former)
- agency staff (current and former)
- casual staff (current and former)
- contract staff (current and former)
Some of this Code will also apply to others in the workplace, such as volunteers and those on work experience placements.
|
What information is covered by the Code? | | It is likely that most information about individuals that is processed by an organisation in the employment context will fall within the scope of the Data Protection Act and therefore within the scope of this Code.
|
| | The Code is concerned with 'personal information'. That is, information which:
relates to a living person, and
identifies an individual, whether by itself, or together with other information in the organisation’s possession or that is likely to come into its possession.
All automated and computerised personal information is covered by the Act. It also covers personal information put on paper or microfiche and held in any 'relevant filing system'. In addition, information recorded with the intention that it will be put in a relevant filing system or held on computer is covered. A relevant filing system essentially means any set of information about workers in which it is easy to find a piece of information about a particular individual.
[Note: At the date of publication the case of Durrant v the Financial Services Authority is still before the courts. The explanation of ‘relevant filing system’ is based on the Information Commissioner’s previously published advice. This may need to be amended as the case law develops.]
|
| | The Act applies to personal information that is subject to ‘processing’. For the purposes of the Act, the term ‘processing’ applies to a comprehensive range of activities. It includes the initial obtaining of personal information, the retention and use of it, access and disclosure and final disposal.
|
Examples of personal information likely to be covered by the Act include: |
| |
- details of a worker’s salary and bank account held on an organisation’s computer system or in a manual filing system
- an e-mail about an incident involving a named worker
- a supervisor’s notebook containing sections on several named workers
- a supervisor’s notebook containing information on only one individual but where there is an intention to put that information in that person’s file
- a set of completed application forms
|
Top
Examples of information unlikely to be covered by the Act include: |
| |
- information on the entire workforce’s salary structure, given by grade, where individuals are not named and are not identifiable
- a report on the comparative success of different recruitment campaigns where no details regarding individuals are held
- a report on the results of “exit interviews” where all responses are anonymised and where the results are impossible to trace back to individuals
- manual files that contain some information about workers but are not stored in an organised way, such as a pile of papers left in a basement
In practice, therefore, nearly all employment-related useable information held about individuals will be covered by the Code.
|
|
Crown Copyright Acknowledged |
|
|
|
|
| |
|
|
Legal documents |
Divorce help |
Special document drafting |
Legal advice |
Wills services |
Free legal articles |
County courts |
Crown courts |
Magistrate courts |
Share success as lawyer |
Net Lawman worldwide network |
Related law and business services
|
Contact us |
Who we are |
Special sales partners |
Terms and conditions |
Privacy policy |
Sitemap
© 2000 - 2006 Net Lawman Ltd. All rights reserved.
|
|
|
|
|
|
| | |
