DATA PROTECTION

Home > EMPLOYMENT > DATA PROTECTION

This fact sheet will give you some basic information about data protection. You can also listen to it online or download it onto an MP3 player.

Please be aware that this is not legal advice and if you are concerned about any of the issues mentioned you should speak to a lawyer.

You can contact Russell Jones & Walker's solicitors at enquiries@rjw.co.uk or call our freephone number 0800 916 9065.

What does the Data Protection Act do?

The Act protects you by ensuring organisations that hold personal data about you use it in a fair and proper way. It covers a wide variety of organisations, including government organisations, employers, supermarkets, banks and those sending out junk mail.

It applies whether your personal information is held on a computer or in a paper file.

What does the Act cover?

It covers personal data, which means information relating to you. This could include opinions as well as facts about you. There are more strict rules for dealing with sensitive personal data, which relate to your racial or ethnic origin, political opinion, religious beliefs, health, sex life, criminal convictions and trade union membership.

What do organisations holding information about me have to do?

There are eight principles organisations have to follow. These mean information must be obtained and kept fairly and lawfully and for a specific purpose. It must also be relevant, accurate and held securely for no longer than necessary.

How do I know if information about me is being dealt with fairly and lawfully?

Organisations must be able to show:

  • that you have consented to their having the information;
  • or that they need to process the information:
    • for a contract with you
    • to comply with a legal obligation
    • to protect your interests
    • to carry out a public function
    • or to pursue their legitimate interests, providing this does not have a negative impact on your individual rights.

If the organisation is dealing with sensitive personal information, it must also show:

  • that you have given explicit consent;
  • or that they need to process the information for:
    • a legal duty to do with employment
    • legal proceedings or the administration of justice
    • legitimate not-for-profit activities
    • necessary medical purposes.

If they do not meet these conditions, then the organisation will be handling the information illegally.

What are my rights?

You can ask any organisation for access to your personal information.

The main right you have is "subject access rights|. This means you can see information held about you - such as employment records. There are some exemptions, for example, information used to prevent or detect crime.

You can ask any organisation for access to your personal information. They have to reply to you within 40 days with a description of all the personal information they hold about you and where it's from, as well as with copies and an explanation of any codes used. They must also tell you why they are holding the information and who is likely to receive it. They can charge you up to £10 (£2 for limited information from a credit reference company or £50 for medical records).

What happens if an organisation has used my personal information illegally?

If you have been affected by the way your personal information has been used, you can ask the Information Commissioner to look at whether the organisation has acted illegally. You can contact the Commissioner's office on 08456 30 60 60 or using their website ico.co.uk.

Firstly the Commissioner will try to solve the problem informally. If this isn't possible, then he can serve an enforcement notice on the organisation.

You can go to court to claim compensation if you have suffered damage or distress because an organisation has handled your personal information illegally. A court can also ask the organisation to correct or destroy inaccurate personal information.

How is this relevant to me at work?

The Data Protection Act covers a number of work situations. For example, there are quite complicated rules about revealing confidential references and those for the person writing the reference differ from those for the person receiving it. Access to references should normally be allowed providing it does not identify a third party.

For recruitment, organisations should ask only for personal information that is needed to make a recruitment decision. Recruitment agencies should always ask for your consent before passing your details to a prospective employer. You should also be told if the employer is going to seek information about you from another source, for example, if they are going to take up your references.

Employers who carry out medical tests should be able to show that there is a business need for them. The results of any medical tests are also covered by the Act.

Is my employer allowed to monitor my phone calls and emails?

Monitoring must be lawful and fair to employees, so it shouldn't intrude unnecessarily on your privacy or autonomy at work. Your employer should be able to show the benefits of getting this information outweigh any negative impact on you.

Any monitoring should be done openly - secret monitoring is only allowed in very limited circumstances. The Information Commissioner recommends there should be a policy explaining how and why your calls, emails and internet access are being monitored.

SEARCH
Can't find what your looking for? Use our search engine or see what other people are looking for in popular searches. If you still can't find it, let us know.
Copyright © 2007 Your Legal Rights. All Rights Reserved.
Russell Jones & Walker