Rethinking data protection

The
Information Commissioner has pledged to reform his package of advice to
employers following widespread confusion over the practical workings of the
Data Protection Act (DPA). Ross Wigham asks the questions

Information
Commissioner Richard Thomas has promised to develop more practical and
user-friendly advice for employers and overhaul the existing Data Protection
Codes that guide employers through the Act.

Thomas
said the completed employers guidance – which has codes on staff monitoring,
medical records, records management and recruitment and selection – should be
finalised by the spring.

A
new employers helpline will also be introduced to advise businesses concerned
about specific problems with the interpretation of the DPA.

Thomas
also pledged to use more "plain English" after admitting employers
may be confused by terms such as "data subject" or "schedule 2
basis for processing".

Q&A
with Information Commissioner Richard Thomas

Q.
When will all four data protection codes for employers be available?

A.
“Part four has been written in draft form and we’re currently getting responses
to that. Later this year, by around late spring, all the codes should be
available. There are many pressures inside our office and the whole production
of the code is done by two people. However we think it’s much clearer now and
we’re bringing it all together.”

Q.
Has the public inquiry into how Ian Huntley was able to get a job as a school
caretaker had an impact on your new measures?

A.
“No. That’s a very specific inquiry into a tragic case although the role of
data protection will play a part. I’ll be giving evidence to the Sir Michael
Bichard inquiry.”

Q.
What has prompted your latest measures?

A.
“Businesses often hide behind data protection through some misguided criticism.
I was getting very concerned that data protection was getting unfairly treated.
The changes have been in the pipeline for the last few months, but I’ve brought
them forward to address my concerns. In the past the advice has been a bit too
heavy so we needed to simplify that.

There
has also been a strategic review of the office and we’ll announce the results
in a few weeks.”

Q.
How should employers use the new helpline?

A.
“It should be used as a last resort. Employers have got to try and get it right
for themselves first. But if they reach the conclusion that the DPA is making
them do something that defies common sense or is just plain daft then they
should ring the helpline.”

Q.
What do you mean by ‘more practical and user-friendly advice’?

A
“We’ll be looking back at our existing guidance, generic advice and the codes.
We want to provide different guidance for different sizes and types of
employer. We want to do more for each sector and we hope to plug some of the
gaps by working more closely with trade associations. New guidance must be as
clear as possible and it needs to be understood by a range of different
audiences.”

Q.
What are your hopes for the revised codes?

A.
“I believe very strongly that they will promote simpler and more effective data
protection. We need to focus on the most serious areas where people’s health
and safety, finances, well-being or careers are at risk. Data protection is not
a luxury add-on it’s a human right because people can be seriously damaged by
information held about them that’s inaccurate.”

Q.
What role should HR have in data protection?

A.
“It’s for every organisation to address these issues. The HR side is a major
part of it and I hope there are very few HR professionals unaware of the DPA
situation. It’s a people process because it’s about any personal information
held within a business. I would have preferred the DPA to be called the
‘privacy and protection of personal information act’ but it’s too late now.”

Data
Protection Helpline: 01625 545 745
www.informationcommissioner.gov.uk

Comments are closed.