In this series, we delve into the XpertHR reference manual to find essential information relating to one of our features. This month's topic...
The Data Protection Act 1998
The now-repealed Data Protection Act 1984 laid down rules relating to the processing of personal data held on a computer or computer disk. With the Data Protection Act 1998 (DPA) coming into force, the rules apply not only to computerised records but also to data held in a 'relevant filing system'; that is to say, in any manual or paper-based filing system that is structured either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular individual is readily accessible.
Meaning of personal data
This means data relating to a 'living individual' (an employee) who can be identified from that data or from that and any other information held by the employer (the 'data controller'), or that is likely to come into the employer's possession. It also includes any expression of opinion and any indication of the employer's intentions (or that of any other person within the employing organisation) in respect of that employee - whether contained in (or attached to) a letter, memorandum, report, certificate or other document, or held in a paper-based file, on computer, or by any other automated or non-automated means.
Any personal data 'processed for the purposes of management forecasting or management planning' may be withheld if disclosing it would be likely to prejudice the conduct of the employer's business. Nor do employees have the right to access personal data which contains information concerning their employer's bargaining position in relation to negotiations or discussions about employee pay and benefits or the like.
Sensitive personal data
This consists of information about an employee's:
- Racial or ethnic origins
- Political opinions
- Religious beliefs
- Trade union membership
- Physical or mental health or condition
- Sex life or sexual orientation
- Criminal (or alleged criminal) activities
- Criminal proceedings, criminal convictions or sentences
Sensitive personal data must not be held on an employee's personal file without their express consent - unless it is held in compliance with an employer's legal obliga