Personnel Today
  • Home
    • All PT content
    • Advertise
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Equality, diversity and inclusion
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Maternity & paternity
    • Shared parental leave
    • Redundancy
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
    • OHW Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • XpertHR
    • Learn more
    • Products
    • Pricing
    • Free trial
    • Subscribe
    • XpertHR USA
  • Webinars
  • OHW+

Personnel Today

Register
Log in
Personnel Today
  • Home
    • All PT content
    • Advertise
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Equality, diversity and inclusion
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Maternity & paternity
    • Shared parental leave
    • Redundancy
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
    • OHW Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • XpertHR
    • Learn more
    • Products
    • Pricing
    • Free trial
    • Subscribe
    • XpertHR USA
  • Webinars
  • OHW+

Employment lawData protection

How technology can help

by Personnel Today 24 May 2005
by Personnel Today 24 May 2005

Earlier this month, US media giant Time Warner told 600,000 current and former employees that their personal information had gone missing. In the UK, under the Data Protection Act (DPA) 1998, employers are ultimately responsible for the use – and possible abuse – of data. An organisation could be fined if the wrong person was allowed to see the wrong part of an employee’s record.

However, employers are not alone in having to keep on top of data protection issues. Technology providers are also working to respond to legislation that affects their systems – in the UK and around the world.

“It is a very complex task to keep track of every piece of legislation – especially on a global scale,” says Sudhir Jha, manager for enterprise application services at Bangalore-based Wipro Technologies. “The laws are reinterpreted almost on a monthly basis. A company may have multiple data systems covering their people and if one of those systems is not robust, their entire data is at risk,” he says.

Jan Paxton, senior product strategy manager at Northgate HR, says: “Last year, there was some concern about absence data because people were not sure what they were allowed to hold and what they were allowed to see,” she says.

It is acceptable for someone from payroll to see that an employee has been off sick, but not acceptable for them to see why. On the other hand, a health professional accessing the same system may be entitled to see the reason for absence.

To overcome this problem, an HR system holds an employee’s record in one place, but allows access to different parts of that data to different people within the organisation. At the same time, under the Freedom of Information Act, the system must allow an employee to have complete access to all data held about them.

Even before a system starts processing or managing data, there are issues at the point of data entry. “Employees need to give consent to their data being held and managed by these systems,” says Vince Smallhorne, head of workforce excellence at Oracle UK. “We offer a self-service function for employees to enter and update their own information, and at that point, organisations can input their own text to explain why they need that data and how it will be used.”

As Smallhorne notes, this process is not simply required for full-time employees, but for trainees, potential applicants submitting their CVs, temporary workers and contractors – everyone who has contact with the organisation.

“One of the other issues is the expiry of data,” says Mike Richards, managing director of HR software provider Snowdrop Systems. “Some data – such as disciplinary information – may have a time limit on how long you should hold it. However, from a data management point of view, you don’t want to create a system that automatically deletes information.”

Instead, the Snowdrop system uses a programme that checks for data which might require deletion and flags it up for HR managers. “It’s easy to overlook this side of data management and be in breach of the legislation,” he says.

Richards confirms that technology providers do reflect changes in the law in their systems, either by installing updates or advising customers of potential risks. “It can be difficult with existing customers,” he admits. “We need to be particularly vigilant as there can be multiple versions of the same product sold over a number of years – and you can’t force buyers to upgrade.” In these cases, Snowdrop will warn users of a likely ‘administration burden’ connected with legislative changes.

Falling foul of the DPA brings a maximum penalty of £5,000, which if applied to each individual breach across a badly managed set of employee records could prove expensive.

However, according to the Information Commissioner’s Office, this outcome is extremely unlikely. “A reported breach would be investigated and, if proved, the commissioner would issue an enforcement notice requesting the practice to be changed,” says a spokesperson. “That is generally enough to put things right, as people don’t deliberately breach the Act – usually, they don’t realise they are doing it.”

To date it has not been necessary to levy any financial penalty on an organisation. The commission is run on the belief that the DPA is not intended to catch people out but to improve the way information is handled. As long as organisations show a commitment to that improvement, there’s no reason to take further action.

Weblinks

– Data Protection Code Part 4: employee health records www.personneltoday.com/27599.article

– Keep yourself protected www.personneltoday.com/26859.article

– Be safe, be secure www.personneltoday.com/26766.article

– Information Commissioner’s Office www.informationcommissioner.gov.uk





 

Avatar
Personnel Today

previous post
Tribunal applications fall by 24% under statutory procedures
next post
Over-50s campaign could signal end of golden age

You may also like

What has cyber security got to do with...

29 Jun 2022

Oxford study highlights best gig economy firms to...

9 Jun 2022

Tesco appeal against fire and rehire ban to...

8 Jun 2022

Bank holidays: six things employers need to know

5 Jun 2022

P&O Ferries boss denies reputational damage after mass...

27 May 2022

Employers lack data to make IR35 worker status...

25 May 2022

Maternity leave: Cost of living crisis highlights need...

25 May 2022

One in five employers planning ‘no jab no...

19 May 2022

MP demands timeline on carer’s leave legislation

13 May 2022

Queen’s Speech: absence of employment bill leaves organisations...

10 May 2022
  • NSPCC revamps its learning strategy with child wellbeing at its heart PROMOTED | The NSPCC’s mission is to prevent abuse and neglect...Read more
  • Diversity versus inclusion: Why the difference matters PROMOTED | It’s possible for an environment to be diverse, but not inclusive...Read more
  • Five steps for organisations across the globe to become more skills-driven PROMOTED | The shift in the world of work has been felt across the globe...Read more
  • The future of workforce development PROMOTED | Northumbria University and partners share insight...Read more

Personnel Today Jobs
 

Search Jobs

PERSONNEL TODAY

About us
Contact us
Browse all HR topics
Email newsletters
Content feeds
Cookies policy
Privacy policy
Terms and conditions

JOBS

Personnel Today Jobs
Post a job
Why advertise with us?

EVENTS & PRODUCTS

The Personnel Today Awards
The RAD Awards
Employee Benefits
Forum for Expatriate Management
OHW+
Whatmedia

ADVERTISING & PR

Advertising opportunities
Features list 2022

  • Facebook
  • Twitter
  • Instagram
  • Linkedin


© 2011 - 2022 DVV Media International Ltd

Personnel Today
  • Home
    • All PT content
    • Advertise
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Equality, diversity and inclusion
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Maternity & paternity
    • Shared parental leave
    • Redundancy
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
    • OHW Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • XpertHR
    • Learn more
    • Products
    • Pricing
    • Free trial
    • Subscribe
    • XpertHR USA
  • Webinars
  • OHW+