1. How many data protection principles are there?
2. Which of these examples is not likely to be covered by the Data Protection Act 1998?
(a) a pile of papers left in the company basement that contain some information about individuals
(b) details of an individual’s salary held in a manual filing system
(c) an e-mail concerning an incident involving a named worker
(d) a completed job application form
3. Which of these does not constitute ‘sensitive personal data’ for the purposes of the Data Protection Act 1998?
(a) data consisting of information about an individual’s religious beliefs
(b) data consisting of information about an individual’s political opinions
(c) data consisting of information about an individual’s appearance
(d) data consisting of information about an individual’s criminal convictions
4. Sensitive personal data may be processed so long as at least one of specific extra conditions is met. Which of the following is not one of the specified conditions?
(a) the data subject has given their explicit consent to the processing
(b) the employer is justified in believing that the data subject would have given their explicit consent to the processing
(c) the processing is necessary to protect the vital interests of the data subject or another individual
(d) the employer is required by law to process the information for employment purposes
5. How much can an employer charge where an employee requests access to information held on them?
(a) up to £10
(b) up to £20
(c) up to £40
(d) nothing – information must be provided free of charge
6. Within what period must an employer respond to a subject access request?
(a) within 10 days
(b) within 20 days
(c) within 40 days
(d) within such period as the employer considers reasonable
7. What rights of access do employees have to job references?
(a) they have no right to access job references
(b) they have the right to access references both from the giving organisation and from the receiving organisation
(c) they have the right to access references only from the giving organisation
(d) they have the right to access references only from the receiving organisation
8. Which of the following is not the subject of part of the Employment Practices Data Protection Code?
(a) recruitment and selection
(b) employment records
(c) monitoring at work
(d) termination of employment
Did you know:
– that if a job candidate requests access to notes made on them during an interview, the request must be granted unless the notes are so unstructured that they fall outside the Act?
– that sickness records contaning details of the illness or condition responsible for a worker’s absence constitute sensitive personal data, but that absence records recording absences in broad terms of ‘sickness’ or ‘injury’ do not?
– that following the Employment Practices Data Protection Code should help you to meet other legal requirements? The Code is intended to be consistent with other legislation affecting employment practices such as the Human Rights Act 1998 and the Regulation of Investigatory Powers Act 2000
– that carrying out an’impact assessment’ should help you judge whether the benefits gained from processing information on workers’ health justify the intrusion of their privacy?