DATA PROTECTION (FROM AN EMPLOYMENT LAW PERSPECTIVE)

DATA PROTECTION (FROM AN EMPLOYMENT LAW PERSPECTIVE)

Further resources:

Employer’s Guide to Personnel Records

Data Protection Policy and Procedure

In the course of employing people most businesses will accumulate a fair amount of personal data relating to employees. Personal data must be processed in accordance with data protection regulations. In a nutshell personal data must:

  • be accessed only by authorised people who have a proper reason to be able to access the data
  • be securely stored (inaccessible to those without authority)
  • be kept for no longer than is necessary
  • not be disclosed to any third party other than by statutory (or similar) order

Under the Data Protection Act employers should only keep information that is ‘relevant’, employees have a right to know what information employers keep about them and why, and employees have the right to view this information providing they give notice of this and in exchange for a ‘reasonable fee’, generally accepted as being £10 or less. This Act also requires employers not to disclose information to third parties unless the employee has given their consent, or it is required by law. This is a complex and wide ranging piece of legislation, but these are basically the main points affecting personnel record keeping.

Data protection guidelines stipulate that you should not store information relating to the details of specific health issues (such data can become classed as ‘sensitive personal data’ for which additional safeguards must exist) within their employee file. These may be stored but must be stored separately from the employee files and only opened when there is cause to do so i.e. in the case of managing a long term sickness absence.

Under data protection regulations employees have a right to view any information held on them either electronically or in hard copy. In practice, where an employee seeks to exercise their rights in this respect, it is normally to inspect their Personnel Record. You do not have to permit access immediately upon request but you must allow access in a ‘reasonable’ period, not exceeding 40 days from the date of a written request. You may charge a fee of £10 to the employee in order to cover your administration and time.

Before the employee sees the contents of the personnel record, you should check through and remove or amend any documents that the employee should not see. These might include items that contain references to persons other than the employee e.g. a document with a list of all employees’ salaries listed on it. You are not required to provide copies of information or to copy the Personnel Record for your employee, although good practice suggests that you should not unreasonably refuse to provide copies of information that relate solely to them.

You should grant an employee reasonable privacy to view their file, but you may instruct them not to remove any items from it. If you think there may be a risk of this, you might want to remain in the room with them, and/or number each page in the file so that you can check that the file is complete afterwards.

Typical Employment Law Pitfalls

Leaving information unsecured can enable unauthorised people to access personal details relating to employees and workers and could most likely result in a breach of Data Protection regulations. Disgruntled employees or ex-employees sometimes request to see copies of the information held on them. Having predictable passwords to websites (including myhrdept.co.uk) will make it easier for people to be able to access any information held about themselves or others. Breaches of DPA can result in hefty fines and the mistreatment of personal information by the employer could result in employees claiming a breach of trust and confidence entitling them to claim constructive dismissal, i.e. as if they had been dismissed.

Typical Employment Law Pitfalls

Leaving information unsecured can enable unauthorised people to access personal details relating to employees and workers and could most likely result in a breach of Data Protection regulations. Disgruntled employees or ex-employees sometimes request to see copies of the information held on them. Having predictable passwords to websites (including myhrdept.co.uk) will make it easier for people to be able to access any information held about themselves or others. Breaches of DPA can result in hefty fines and the mistreatment of personal information by the employer could result in employees claiming a breach of trust and confidence entitling them to claim constructive dismissal, i.e. as if they had been dismissed.

Help & Support

During our initial period with new clients and as part of ongoing HR reviews we will review & advise on how employee information should be stored. We can refer our clients to DPA specialist defence legal teams if required.

Our 2 minute guides are designed to map out HR processes simply, providing links to the documents you are likely to need. If in doubt please contact us for assistance.

myhrdept can provide a range of outsourced HR support including on-site presence if required. We believe we offer the best combination of quality and price available in the UK. Call us on 01628 820515 to discuss your requirements or email us and we’ll call you.