Most employers are ignorant of new rules on data protection due to come into
force next week and run the risk of prosecution.
A survey by City technology firm Tarlo Lyons and The Opus Group shows that
61 per cent of firms are not aware of the impending 23 October deadline for
compliance with the Data Protection Act 1998.
Following this date, employers must give staff access to the majority of
their personal records including assessments, complaints, interview notes,
sickness records and, with some exceptions, references.
Organisations that do not comply risk prosecution and will be vulnerable to
"The findings of this survey must act as a wake-up call to companies on
the impending deadline," said Andrew Rigby, head of e-business and banking
technology law at Tarlo Lyons, which surveyed 137 managers responsible for data
Assistant Information Commissioner David Smith said employers should take
the date seriously.
He said, "Now is the time to look at the requirements of the Act, check
you are complying and inform your staff how their information is being
The Information Commission has the power to bring criminal prosecutions
against companies that are in breach of the Act and individuals can also bring
actions against organisations.
Smith added that tribunals are likely to find against companies that breach
the Act through their misuse of personal information.
CIPD employee relations adviser Diane Sinclair stressed companies that have
not complied should take action now.
"Generally speaking, ignorance is no defence. Legal compliance with the
act is important. Companies must be sure they are up to date and meeting the
requirements," she said.
Trust works with staff to meet date
The HR department at Poole Hospital NHS Trust has been working
with managers and consulting with staff in order to meet the DPA deadline.
Marie Cleary, HR manager for the trust, said, "The Act has
given HR professionals an additional focus for how we hold and use information.
"Part of our preparation and groundwork has been to look
at how records are held and to advise managers on good practice."
Cleary said the HR team needs to check personal information
already held and advise staff how the Act will affect them individually.
"This work is significant in an organisation of 3,500
staff and so needs careful planning to ensure we meet the terms of the
Act," she said.
The Act in brief
– Employers must make sure the majority of their personnel
files are available to staff
– Companies must have adequate technical and organisational
security measures in place to protect the confidentiality, integrity and
availability of the data stored on their systems
– The Act places tighter controls on what organisations do with
the personal information they collect, including to which countries it can be