- Workers have legal right to access information that an employer may hold on them.
- The Data Protection Act contains 8 principles that everyone responsible for using data has to follow.
- All staff have a responsibility under the act to ensure that their activities comply with the Data Protection.
- Data Protection applies when monitoring employee's telephone calls, emails and CCTV.
- Employees who feel the organisation has misused information or hasn't kept it secure can contact the Information Commissioner's Office.
The Data Protection Act is concerned with respecting the rights of individuals when processing their personal information. This can be achieved by being open and honest with employees about the use of information about them and by following good data handling procedures. The act is mandatory and all organisations that hold or process personal data must comply.
The Data Protection Act contains 8 principles:
- personal data should be processed fairly and lawfully
- data should be obtained only for one or more specified and lawful purposes
- the data should be adequate, relevant and not excessive
- it should be accurate and where necessary kept up to date
- any data should not be kept for longer than necessary
- personal data should be processed in accordance with the individuals rights under the act
- data should be kept secure
- personal data should not be transferred outside the European Economic Areas unless the country offers adequate data protection.
All staff have a responsibilities under the Act to ensure that their activities comply with the Data Protection Principles. Line managers have responsibility for the type of personal data they collect and how they use it. Staff should not disclose personal data outside the organisation's procedures, or use personal data held on others for their own purposes.
Workers have a legal right to access information that an employer may hold on them. This could include information regarding any grievances or disciplinary action, or information obtained through monitoring processes. Arrangements should be in place to deal with requests as a 40 day time limit is stipulated. Information can be withheld if releasing it would make it more difficult to detect crime or the information is about national security. If an employee feels the organisation has misused information or hasn't kept it secure they can contact the Information Commissioner's Office.
Monitoring employees - CCTV, telephone calls, emails
The Data Protection Act will apply if employers are monitoring employees; for example to detect crime or excessive private use of e-mails, internet use etc. However, the act requires that workers should be aware of the nature and reason for any monitoring.
Employers can seek to collect information regarding an employee's health if the employee freely gives consent. Employers should consider why they need the information and exactly what information is needed. This information once collected should be held securely, this could be allowing only one or two people access to the information or by password protecting it. Employers should check that the information collected can be justified.
Published May 2016