A new part of the Employment Practices Data Protection Code was
published this week, the second in a series of four Codes of
Practice from the Office of the Information Commissioner. It
explains the procedures for storing personal data about employees
and job applicants and the rights of employees wanting access to
these records. The Code is based on the Data Protection Act of 1998
and should be followed by every employer.
The 1998 legislation places responsibilities on any organisation
to process personal data that it holds in a fair and proper way.
Failure to do so can amount to a criminal offence. The effect of
the Act on how a business processes its information on workers can
be difficult to understand in some areas, which is why the Code was
published – to state what an employer needs to check and what
action needs to be taken.
Although the Code contains guidance and is not legally binding,
it contains the benchmarks that the Commissioner will use when
deciding whether or not to enforce the Act. Consequently,
organisations would be well advised to consider its contents very
carefully.
The three other parts of the Employment Practices Data
Protection Code cover recruitment and selection, monitoring at work
and medical information.
