1998 Data Protection Act Briefing No 48
The 1998 Data Protection Act, which covers data on both computerised and manual systems, is designed to protect the individual's personal data from potential misuse, abuse, misrepresentation or unwarranted intrusion by those who process such data, whether in commerce or government. Any organisation which holds paper or electronic information relating to living individuals must adhere to the legal requirements imposed by the Data Protection Act and must comply with the eight enforceable principles of good practice. These principles say that data must be:
              
                - fairly and lawfully processed; 
 
                - processed for limited purposes; 
 
                - adequate, relevant and not excessive; 
 
                - accurate; 
 
                - not kept longer than necessary; 
 
                - processed in accordance with the data subject's rights; 
 
                - secure; 
 
                - not transferred to countries without adequate protection.
 
                
               
              
The Information Commissioner, who is responsible for enforcing compliance with the Data Protection Act 1998, has produced the Employment Practices Data Protection Code. The Code will be published in 4 parts and is essentially a series of benchmarks for employers to assist them in complying with the eight principles of data protection and to establish good practice for the handling of data in the workplace. The first two parts of the code have already been published: 'Recruitment and Selection' was published in March 2002 and 'Employment Records' in October 2002. The two further parts of the code, dealing with 'Monitoring at work' and 'Medical Information', will be published early in 2003. Although these codes are not legally binding, employers who comply with these codes will be deemed to be complying with the DPA.
              1. Recruitment and Selection
Part 1 of the code deals with the handling of data in relation to the recruitment and selection of staff. This includes current and former employees, applicants and former applicants (both successful and unsuccessful), agency workers, casual workers and contract workers. Some aspects also apply to others in the workplace, such as volunteers and those on work experience placements. Part 1 of the code sets benchmarks in the following stages of the recruitment process:
              
                - Managing data protection
 
                - Advertising
 
                - Applications
 
                - Verification
 
                - Short-listing
 
                - Interviews
 
                - Pre-employment vetting
 
                - Retention of recruitment records
 
               
              A copy of part 1 of the code can be accessed at http://www.dataprotection.gov.uk/epdpcrs.pdf 
               
              2. Employment Records
              Part 2 of the code outlines an organisation's responsibilities 
                in the maintenance of employee records. Of the 16 areas addressed 
                in part 2 of the Code, areas of particular interest include: 
              
                - Sickness and absence records - Any sickness and accident 
                  records detailing the medical cause of any absence, should be 
                  held separately from absence records which do not record the 
                  medical cause of any absence. 
 
               
              
                - Security – Appropriate security should be in place to protect employee data against unauthorised access, loss or destruction.
 
               
              
                - Subject Access – Systems should be in place for responding 
                  to employee access requests within the statutory 40 days.
 
               
              
                - Equal Opportunities Data - Information used in connection 
                  with equal opportunities monitoring should be anonymised whenever 
                  possible.
 
               
              
                - Pension and Insurance Schemes – Information collected 
                  for work-related pension and insurance schemes should not be 
                  used for other general employment purposes.
 
               
              A copy of part 2 of the code can be accessed at http://www.evh.org.uk/uploaded/members/Dataparttwo.pdf
               3. Monitoring at Work
              Part 3 of the Code has been published in draft form, for consultation 
                purposes only, and remains unfinalised. The draft Code addresses 
                various forms of monitoring which may take place in a workplace 
                context and deals with the following areas:  
              
 
                - Managing Data Protection 
 
                - Monitoring - General Considerations 
 
                - Monitoring Communications 
 
                - Video and Audio Monitoring 
 
                - Covert Monitoring
 
                -  In-Vehicle Monitoring
 
                - Monitoring Private Information
 
               
The key concept that runs through part 3 of the Code is "proportionality": in monitoring staff, employers should consider whether they are acting in a manner that is proportionate to the perceived harm they are seeking to prevent. Importantly, whilst the code itself is not finalised, the eight principles of the Data Protection Act still apply.
              The draft copy of part 3 of the code can be accessed at http://specials.ft.com/spdocs/monitoringdraft3.pdf 
               
               
              4. Medical Information
               
At the time of compiling this briefing (Dec 2002) the Information Commissioner has not yet published part 4 of the Code. However, it is likely that part 4 will address in greater detail the fact that health records of an employee constitute sensitive personal data, and will therefore be subject to tighter conditions than those that apply to personal data.

Action for Branches

                - Check employer policies and collective agreements have been reviewed in line with the codes.

                - Are you satisfied with data security arrangements, particularly in relation to recruitment and selection and employment records?
              
              
              Contacts list:
              Dave Watson - d.watson@unison.co.uk 
              @ The P&I Team 
                14 West Campbell St 
                Glasgow G26RX 
                Tel 0845 355 0845 
                Fax 0141-307 2572 
              
                 