The
new code of practice on employers’ sickness records is long, confusing, and has
serious implications for absence management. Paul Nelson reports on how it will
affect HR
The
publication of the Information Commission’s code of practice on employment
records places a significant added burden on the HR profession.
The
delayed Records Management code outlines organisations’ responsibilities
concerning the handling of personal data to ensure they comply with the 1998
Data Protection Act, which came into force in October last year.
Under
the code, HR professionals must be trained in data handling procedures and
ensure that line managers receive similar training so that all staff records
are dealt with appropriately. HR departments will need to introduce a single HR
database for staff records, and annually provide employees with a copy of their
personal details kept on file. HR and other employees who handle personnel data
will have to sign confidentiality clauses in their contracts.
The
code also gives staff rights to access any information held by the HR
department that relates directly to them within 40 days, for a maximum £10 fee.
However,
the code’s interpretation of how HR should handle sickness records is its most
controversial aspect.
Although
employers do have the right to keep absence records – which was prohibited in
the original draft of the code – they will now need the consent of each
individual member of staff to record their sickness details.
HR
professionals have reacted angrily to the guidance, claiming it is impractical
and will cause confusion.
HR
director at financial services firm Skandia, Mark O’Connell, is concerned that
the firm’s system for recording sickness absence breaches the code.
He
said: "It is ludicrous that we have to keep two separate files and need to
ask permission to record the reason for absence. It is not very practical. How
can companies assess if they have an absence management problem?"
Frances
Wright, HR director at psychometric testing company SHL, is concerned that
managing absence effectively could be more difficult following the code’s
publication. "HR needs to be able to classify the reason for absence to
manage sickness absence," she explained.
Employers
will find the code’s guidance on sickness absence records confusing and most
will have to change their policies to comply, according to the CIPD lead
adviser on public policy, Diane Sinclair.
"I
think that the level of consent necessary to hold reasons for illness will not
be fully understood by employers. We will look at this practically, but are not
entirely happy about the separation between personal and sensitive personal
data."
"This
practice may already exist in some companies, where occupational health departments
know why a staff member is off sick, while the HR team only know how long they
have been absent. But many companies will need to change their practices,"
she said.
Sinclair
stressed that organisations will need to get up to speed on the new guidance.
"It
is a bureaucratic burden, but it is good practice and companies will have to
get to grips with it," she said.
Employment
law expert Lucy Baldwinson, professional support lawyer in the employment group
at Allen & Overy, said the code is a significant improvement on the
original draft, but will still pose problems. "The new code offers
slightly more flexibility than the Act itself and the original draft code, but
it means more administration for HR professionals. It will bring more paper
work as HR professionals will not have made any differentiation between the two
[sickness and absence] parts," she said.
The
Information Commission defended its guidance claiming it is the only practical
way to deal with the twin issues of absence records and individual sickness
details. David Smith, assistant information commissioner at the Information
Commission, said: "The law treats the two parts [absence and sickness
records] separately, which is why it is sensible to separate them."
 The length and usability of the code has also
come under fire. The Records Management code is 109-pages long – almost twice
the length of the first 56-page code on recruitment. The CIPD’s Sinclair
described the code as "excessively wordy", and added that employers
could be put off by its size.
Susannah
Haan, legal adviser at the CBI, agreed, claiming the length and complexity of
the code will stop HR professionals from reading it.
Smith
does not dispute this criticism, but explained that some points under the
benchmark sections are repeated in the code’s checklist to try to make it
easier to follow.
He
said: "We understand the concern about the length of the code – it is a
long document. The checklist in all codes essentially repeats the benchmarks,
but has been included because we understand that employers find it useful.
Although we do accept the concern about the of the document’s length, we never
said that every word is to be read by business."
Smith
announced that the commission would publish an executive summary document for
all four codes including a checklist for employers.
The
third and most controversial code, Monitoring at Work, which in its third and
final draft introduced e-mails definitions – outlining which e-mails employers
could legally open and when – is expected at end October.
Smith
stated that the final code on medical records, due out at the end of the year,
is far shorter than the other three codes.
Next
week in Personnel Today we will be publishing an at-a-glance guide to the
Employment Practices DataProtection Code Part 2: Employment Records, but you
can view this guide online now at
Records
management code
What HR needs to do
–
Seek staff permission to keep sickness data
–
Include confidentiality clauses in HR personnel contracts
–
Provide data handling training for HR and line managers
–
Include data protection rights in staff inductions
–
Provide employees with personal details on an annual basis
–
Introduce a single HR database
Q&A
on the data protection codes
–
What is the Data Protection Act?
The
1998 Act is designed to ensure organisations comply with the eight principles
of data protection. These include processing personal data fairly and ensuring
that this information is held only as long as needed
–
What is the records management code?
It
explains employers’ rights and responsibilities under the DPA when handling
staff records
–
How many codes are there?
There
are four codes. The first code on recruitment was published earlier this year;
records management is the second; the third on monitoring is due to be released
in October; and the fourth on medical records is scheduled for the end of the
year
–
What happens if you breach the Data Protection Act?
It
could lead to an unlimited fine in the Crown Court, potential liability of
responsible directors and compensation for the affected employee for damage and
associated stress. Failure to comply could also expose a company to the full
spectrum of employment related claims including sexual, racial and disability
discrimination and unfair dismissal
Sign up to our weekly round-up of HR news and guidance
Receive the Personnel Today Direct e-newsletter every Wednesday
–
What is the Information Commission?
The
Information Commission’s role is to oversee compliance with and enforce the
1998 Data Protection Act
