The Information Commissioner has published part two of the Employment Practices Data Protection Code and its requirements are effective immediately. Warren Wayne explains the code and what you need to do to comply with it
Part two of the Employment Practices Data Protection Code guides employers over the handling and retention of various types of employee records. Although, strictly speaking, still within the second transitional period (which expires on 23 October 2007) under the Data Protection Act 1998, the Act is now fully effective in relation to the rights of data subjects and the maintenance of employee records.
Whose records are covered?
In the context of the employment relationship, the code applies to records kept on the following people:
- Current job applicants (whether successful or not)
- Previous job applicants (whether successful or not)
- Current employees
- Former employees
- Agency workers (both current and former)
- Casual workers (both current and former)
- Contract workers and freelancers (both current and former)
What does the code demand of these records?
The code applies the eight data protection principles to these categories of staff. The most relevant of these are the third, fourth and fifth principles, which require employee records to be:
- Not excessive in relation to the purposes for which they are used and stored
- Kept up-to-date where necessary
- Not kept for longer than is necessary
What is the legal status of this code?
Although the code is not legally binding, it sets standards of good practice. According to the commissioner, this includes both compliance with the letter of the law and the spirit of the legislation. Naturally, there is some disquiet among employers over this approach, as it suggests the commissioner will enforce higher standards than those strictly required by the legislation.
What do employers need to do in order to comply?
The code contains numerous recommendations and benchmarks and employers will need to look through all of these. The code can be downloaded from the Information Commissioner's website (see links). However, the main recommendations include:
- Workers should be provided with a copy of their basic employment record an