To provide an up-to-date snapshot of employers' current policies and procedures on the use of personal data in employer-employee relationships, IRS and leading employment law firm DLA jointly surveyed a panel of employers on the eve of the first anniversary of the Data Protection Act 1998 (DPA) coming into force.
They questioned them about the extent to which practice in their organisations complies with the Act in several key areas, and about how far they make use of some of the "good-practice" procedures set out by the Data Protection Commissioner in the draft Code of Practice on the use of personal data in employer-employee relationships. A summary of the main findings follows.
Data protection policies: Half of the panel have adopted a formal data protection policy that includes employment practices such as payroll, personnel and work-planning administration. Public-sector organisations are more likely to have adopted such a policy than their private-sector counterparts. Three-fifths of public-sector employers have a written data protection policy covering employment issues, compared with half of private-sector manufacturing and utility companies, and only two-fifths of private service-sector firms.
More than four-fifths of respondents whose organisations do not have a formal policy plan to introduce one in the future. This leaves only four respondents who told us their organisations neither have a policy nor have plans to introduce one.
Data protection register notification: Well over four-fifths of our panel members report that their organisation has a data protection register entry. Broken down by broad sector, the proportion of employers with a register entry amounts to more than nine-tenths in the public sector, just less than three-quarters among private manufacturing and utility firms, and just over four-fifths among private-service sector companies. Just under one-sixth of respondents told us their organisations do not have a register entry.
Responsible manager: About three-quarters of IRS/DLA panel members measure up to the Data Protection Commissioner's notion of "good practice" in relation to the management of employment data - in that their organisations have a specific individual who has overall responsibility for ensuring that