Ever since the draft code on data protection appeared last October, HR
managers and employers have been up in arms about the draconian rules they face
and the difficulty of making much sense of the code’s 200 standards. Last week,
the Information Commission convened a special conference to reassure us all.
On the plus side, the commission has agreed to simplify the code, get
experts in to write the final draft and let important bodies, including the
CIPD, look it over. This will at least make it clearer how the contradictions
between last year’s RIP regulations, which appear to authorise e-mail and
Internet monitoring, fit in with the guidance in the code. The revised code
will also make it easier to distinguish between what the commission thinks
would be nice for employers to do and what firms must do to avoid breaching the
Data Protection Act.
But the key worries for employers haven’t been resolved. Although David
Smith, the Assistant Information Commissioner, acknowledged that the original
version didn’t take on board the risks for employers, he did not suggest there
would be any changes of substance in the revised code. And the lucky people who
have to implement it are, you guessed it, the HR profession.
Data protection is a complex area covering the legal requirements of the
employment contract and the Human Rights Act, as well as direct data protection
law. It is not the commission’s job to find a middle ground between employers
and staff, but simply to interpret the law.
At the conference, a learned lawyer compared data protection law at work to
a game of snakes and ladders. As another speaker pointed out, at this rate it
could be more like playing Russian roulette.
Noel O’Reilly, Editor