new code of practice on employers’ sickness records is long, confusing, and has
serious implications for absence management. Paul Nelson reports on how it will
publication of the Information Commission’s code of practice on employment
records places a significant added burden on the HR profession.
delayed Records Management code outlines organisations’ responsibilities
concerning the handling of personal data to ensure they comply with the 1998
Data Protection Act, which came into force in October last year.
the code, HR professionals must be trained in data handling procedures and
ensure that line managers receive similar training so that all staff records
are dealt with appropriately. HR departments will need to introduce a single HR
database for staff records, and annually provide employees with a copy of their
personal details kept on file. HR and other employees who handle personnel data
will have to sign confidentiality clauses in their contracts.
code also gives staff rights to access any information held by the HR
department that relates directly to them within 40 days, for a maximum £10 fee.
the code’s interpretation of how HR should handle sickness records is its most
employers do have the right to keep absence records – which was prohibited in
the original draft of the code – they will now need the consent of each
individual member of staff to record their sickness details.
professionals have reacted angrily to the guidance, claiming it is impractical
and will cause confusion.
director at financial services firm Skandia, Mark O’Connell, is concerned that
the firm’s system for recording sickness absence breaches the code.
said: "It is ludicrous that we have to keep two separate files and need to
ask permission to record the reason for absence. It is not very practical. How
can companies assess if they have an absence management problem?"
Wright, HR director at psychometric testing company SHL, is concerned that
managing absence effectively could be more difficult following the code’s
publication. "HR needs to be able to classify the reason for absence to
manage sickness absence," she explained.
will find the code’s guidance on sickness absence records confusing and most
will have to change their policies to comply, according to the CIPD lead
adviser on public policy, Diane Sinclair.
think that the level of consent necessary to hold reasons for illness will not
be fully understood by employers. We will look at this practically, but are not
entirely happy about the separation between personal and sensitive personal
practice may already exist in some companies, where occupational health departments
know why a staff member is off sick, while the HR team only know how long they
have been absent. But many companies will need to change their practices,"
stressed that organisations will need to get up to speed on the new guidance.
is a bureaucratic burden, but it is good practice and companies will have to
get to grips with it," she said.
law expert Lucy Baldwinson, professional support lawyer in the employment group
at Allen & Overy, said the code is a significant improvement on the
original draft, but will still pose problems. "The new code offers
slightly more flexibility than the Act itself and the original draft code, but
it means more administration for HR professionals. It will bring more paper
work as HR professionals will not have made any differentiation between the two
[sickness and absence] parts," she said.
Information Commission defended its guidance claiming it is the only practical
way to deal with the twin issues of absence records and individual sickness
details. David Smith, assistant information commissioner at the Information
Commission, said: "The law treats the two parts [absence and sickness
records] separately, which is why it is sensible to separate them."
The length and usability of the code has also
come under fire. The Records Management code is 109-pages long – almost twice
the length of the first 56-page code on recruitment. The CIPD’s Sinclair
described the code as "excessively wordy", and added that employers
could be put off by its size.
Haan, legal adviser at the CBI, agreed, claiming the length and complexity of
the code will stop HR professionals from reading it.
does not dispute this criticism, but explained that some points under the
benchmark sections are repeated in the code’s checklist to try to make it
easier to follow.
said: "We understand the concern about the length of the code – it is a
long document. The checklist in all codes essentially repeats the benchmarks,
but has been included because we understand that employers find it useful.
Although we do accept the concern about the of the document’s length, we never
said that every word is to be read by business."
announced that the commission would publish an executive summary document for
all four codes including a checklist for employers.
third and most controversial code, Monitoring at Work, which in its third and
final draft introduced e-mails definitions – outlining which e-mails employers
could legally open and when – is expected at end October.
stated that the final code on medical records, due out at the end of the year,
is far shorter than the other three codes.
week in Personnel Today we will be publishing an at-a-glance guide to the
Employment Practices DataProtection Code Part 2: Employment Records, but you
can view this guide online now at
What HR needs to do
Seek staff permission to keep sickness data
Include confidentiality clauses in HR personnel contracts
Provide data handling training for HR and line managers
Include data protection rights in staff inductions
Provide employees with personal details on an annual basis
Introduce a single HR database
on the data protection codes
What is the Data Protection Act?
1998 Act is designed to ensure organisations comply with the eight principles
of data protection. These include processing personal data fairly and ensuring
that this information is held only as long as needed
What is the records management code?
explains employers’ rights and responsibilities under the DPA when handling
How many codes are there?
are four codes. The first code on recruitment was published earlier this year;
records management is the second; the third on monitoring is due to be released
in October; and the fourth on medical records is scheduled for the end of the
What happens if you breach the Data Protection Act?
could lead to an unlimited fine in the Crown Court, potential liability of
responsible directors and compensation for the affected employee for damage and
associated stress. Failure to comply could also expose a company to the full
spectrum of employment related claims including sexual, racial and disability
discrimination and unfair dismissal
What is the Information Commission?
Information Commission’s role is to oversee compliance with and enforce the
1998 Data Protection Act