Personnel Today

Employee relations, Employment law, Employee communications, HR practice, Computer misuse

Q&A: protecting personal data

by Personnel Today 15 Feb 2008

With the recent spate of government mistakes on losing personal data, XpertHR spells out the correct procedures for handling employee information.

Q How does the Data Protection Act 1998 actually define ‘personal data’?

A Under the Data Protection Act 1998, ‘personal data’ simply means information held on record about an individual. Information held in paper format, data stored on a computer system and data processed through e-mail are all covered by the Act, which regulates the processing of data about individuals in employment.

Where information is held manually, it must be ‘structured in such a way that specific information relating to a particular individual is readily accessible’ to be covered by the Act. This means, in effect, that the data filing system must be easy to find and follow.

The Court of Appeal has further held that, to constitute ‘personal data’, information must be significantly biographical and have the individual as its focus.

Q What is ‘sensitive personal’ data, and can it be held on a personal file?

A Sensitive data comprises information about an employee’s racial or ethnic origins, politics, religion, trade union membership, physical or mental health, sex life, sexual orientation, or criminal (or alleged criminal) activities, proceedings or convictions.

Such data must not be held on an employee’s personal file without that employee’s express consent unless the information is necessary to comply with the employer’s legal obligations. Sensitive personal data volunteered on a job application form or during an interview should be deleted from the employee’s personal file, unless retained for legal reasons or in connection with any legal proceedings.

Q What principles are employers obliged to follow to ensure that personal data is handled correctly?

A Employers are obliged under the Data Protection Act 1998 to adhere to eight data protection principles which state that employers must:



  • Process personal data fairly and lawfully (which means that personal information must not be obtained or used unless either the employee has consented or one of a limited range of conditions has been met)
  • Obtain and process data only for specified and lawful purposes (ie use personal information only for clearly agreed purposes)
  • Ensure data is adequate, relevant and not excessive in relation to its stated purpose (ie not store more information than is necessary about a person)
  • Ensure that data is accurate and kept up to date
  • Not keep data for longer than is necessary in relation to its purpose
  • Process data in accordance with the rights of individuals
  • Take appropriate measures against unauthorised or unlawful processing and against accidental loss, damage or destruction of the data
  • Not transfer data outside the European Economic Area without ensuring adequate protection of the data.

Q Does an employer have the right to retain any personal data gathered during the recruitment process?

A The Data Protection Act 1998 created new obligations for employers in relation to information they gather and retain about job applicants (and existing employees). The Act covers all personal information held about an individual, whether the files are set up manually or held on computer. To ensure compliance with the Act, the application form should include a statement about the employer’s intent to process the information and ask the applicant to signify their consent.

Q Does an employer have the right to approach an employee’s GP for information about their health?

A An employer must not approach an employee’s GP for a medical report without first obtaining the employee’s written consent. When doing this, the employer is obliged to inform the employee of their rights under the Access to Medical Reports Act 1988. The employee has the right to see a copy of the report once it is prepared and before it is given to the employer.

The employee also has the right to ask the doctor to remove information that they consider damaging or irrelevant or to refuse to allow the doctor to release the report. These rights do not generally extend to reports prepared by an independent doctor paid for by the employer.

Q For how long should an employer keep an employee or ex-employee’s personnel files?

A The Employment Practices Data Protection Code provides guidance on compliance with the Data Protection Act 1998 regarding the retention of employees’ and former employees’ records.

The Act itself sets no specific period, stating only that personal data should not be kept longer than is necessary for the purpose or purposes for which it is being processed.

Employers can therefore set their own retention periods, so long as these are based on business needs and take into account any professional guidelines.



