HR professionals are still confused about their obligations under the Data Protection Act (DPA), according to the assistant information commissioner.
Speaking to Personnel Today ahead of last week’s launch of a good practice guide on employment issues affected by the Act, David Smith said areas such as how to properly keep employee records, monitor e-mails and carry out drug tests were troubling many who work in HR.
“The problem is that the DPA talks in general terms and many HR people have a problem interpreting how it affects them and their role,” he said.
The DPA touches every aspect of the employee lifecycle, from the treatment of job applications through to employer obligations on storing employee records once staff have left, said Smith.
He urged HR departments to effectively communicate the implications of the DPA to line managers. “While HR teams may be up to speed on the DPA, they must also ensure parts of the business working directly with employees know their responsibilities,” he said.
And he warned that data protection should not be left solely in the hands of the IT department.
“There’s a misconception that the DPA is about IT. It’s not. It’s a management issue. It’s about how employee data is collected, what you ask and how you store it —not which system you store it on.”
The Employment Practices Data Protection Code is available online.