Will the Employment Practices Data Protection Code on Monitoring at Work,
published in June, help OH comply with the Data Protection Act and will it
encourage employers to adopt good practice?
By Linda Goldman & Joan Lewis
There is a public perception that the workplace is a hothouse for nurturing
On one hand, the raft of European and domestic legislation designed to
ensure health and safety at work opens a door to legal intervention.
On the other, the current trend towards fair and flexible internal grievance
resolution, supported by statutory dispute resolution procedures, has not yet
reduced the numbers of people making claims in courts and tribunals.
Underpinning any successful solution to otherwise irreconcilable differences
is the need for accurate information, properly acquired.
Once facts are on record, the Data Protection Act 1998 (DPA) becomes the
framework for justice.
In June 2003, the Information Commissioner published Part 3 of the Employment
Practices Data Protection Code on Monitoring at Work. This will help OH
practitioners comply with the DPA and, in particular, encourage their employers
to adopt good practice.
Rights of the data subject
The facts that comprise information about an individual are called data. The
DPA contains eight principles by which data is acquired, stored and used. These
are set against the background of the most important fact of all: data is the
property of the person to whom it relates.
Responsibilities of data control
OH practitioners acquire and store data. They are therefore data
controllers, whose duty to process data fairly and lawfully can only be
fulfilled by obtaining consent from the subject.
Consent will also relate to the release of data in certain specified
situations, including for legal proceedings. In a life or death situation,
consent for the use of data can be given by a third party.
Data may also be disclosed where necessary for medical purposes if it is
undertaken by a health professional subject to an ethical duty of
It is also worth noting that in some circumstances, OH may be privy to
information that may need to be disclosed in the ‘public interest’.
Take, for example, a drugs test that reveals the use of an illegal drug by
someone applying for another job who works in a potentially hazardous
occupation, say, a bus driver or fork-lift driver.
What is the duty of the OH department, which has carried out the health
surveillance for the new employer, to inform the employee’s current employer of
the results of the drugs test?
Here the question of disclosure arises because of the risk to the public of
a driver with drugs in his system. Disclosure should only be made to his other
employer if so advised by the practitioner’s legal advisers, as it will have to
pick up the tab if it turns out that disclosure should not have been made.
The DPA provides in section 29 for disclosure for the purposes of
investigating crime. If the drug is an illegal substance and the police are the
agency for investigating crime, disclosure to the police may be made, provided
the insurer agrees that any steps should be taken at all.
Since data should only be kept for the purpose for which it is needed and
for a justifiable period, the OH practitioner must bear in mind that there will
be cases where records may need to be preserved if there is a risk of personal
injury litigation. For example, three years is the limitation period running
from the date of knowledge of the accident or injury for a claim in negligence.
Where further health records need to be kept because of the risk of
long-term illness such as asbestosis or other chemical or product related
issues, a view should be taken on maintaining records for longer.
As a matter of good practice, health and safety legislation should be
consulted to see if any aspect of the work carried out by the at-risk employee
requires retention for longer periods.
The information contained in retained records remains the property of the
individual who, for a standard fee of £10, is entitled to have a copy for their
own information. It is advisable to keep a record of the fact that any changes
to records have taken place, such as when deletions are made.
The Information Commissioner is in the protracted process of issuing a
complete code of practice in relation to employment practices in the
implementation of the DPA. To date, three parts of the code have been
published. The fourth part will relate to medical information, and is expected
to be published by the end of the year.
The parts of the code issued to date suggest that a very high standard of
compliance with the DPA is required.
For OH practitioners, these standards accord with ethical principles.
Since the fourth data principle requires accuracy of data and the fifth
requires data to be kept for no longer than necessary, more interaction with
data subjects may be useful. It is suggested that employees be shown their
records at regular intervals so updates can be made and inaccuracies identified.
Effect of the code of practice on workplace monitoring
Stringent precautions should be taken when transmitting data, particularly
data containing medical information, by e-mail, fax or post, to ensure security
encryption and receipt by the named addressee.
E-mail is an increasing problem. Many complaints are made to the Information
Commissioner about refusal of access to information held in e-mails, usually
when the data controller believes they have been deleted, but in fact a back-up
system has ensured retention.
The commissioner has the power to assess whether there has been a failure to
provide access to personal data held in e-mails by making his own
investigation. In using that power, he will ascertain whether there has been
compliance with the applicable part of the code of practice.
As a general rule, a code of practice does not have the full force of the
law, but the employer’s failure to comply may be taken into account as evidence
tending to support a breach of the Act having been committed.
Transmission of OH records occurs at the stage when they are released under
circumstances, which include the request of the subject and change of OH
In the latter instance, the affected data subjects should be informed of the
whereabouts of their records and the nature and scope of the new data
protection system. When in doubt about the transferral or storage of records,
particularly if the original employer becomes insolvent, the Employment Medical
Advisory Service may be able to advise.
Linda Goldman is a barrister at 7 New Square, Lincoln’s Inn. She is head
of training and education for ACT Associates & Virtual Personnel. Joan Lewis
is the senior consultant and director of Advisory, Consulting & Training
Associates and Virtual Personnel, employment law and advisory service
consultancies and licensed by the General Council of the Bar in employment
matters under BarDirect.
Sketchplan of data protection principles
Data must be:
– fairly and lawfully processed
– processed for limited purposes compatible with those purposes
– adequate, relevant and not excessive for the purpose
– maintained for no longer than necessary
– processed in accordance with the rights of the individual
– kept securely
Data must not be:
– transferred outside the EU without consent of the subject unless that country can assure the rights of the data subject
Casebook – practical aspects of
The new Employment Practices Data Protection Code on Monitoring at Work
The latest tranche of the code gives detailed guidance on
monitoring at work and covers an employer’s use of CCTV cameras and automated
checking software to collect information about workers.
Although there may be a bona fide purpose in surveillance, its
use often has implications for OH confidentiality. For example, it is not
unknown for workers ostensibly on sick leave to have their activities outside
the workplace videoed to collect evidence that they may not actually be sick.
E-mail or internet abuse is often a serious disciplinary
offence. Distributing or receiving pornographic e-mails is high on the list of
reasons for dismissal and is considered to be justification for monitoring
e-mail systems. However, general monitoring may affect the way the OH
department deals with external communications.
According to the code, the employer should make it clear to
staff the circumstances in which, if at all, they may use the e-mail system and
internet access for private communications. As for medical matters, provision
for confidentiality is made by suggesting the use of clearly marked internal
post, probably because of the inherent back-up systems in computers whereby
otherwise confidential material may be accessed later. Specific details are
available on the Information Commissioner’s website: www.dataprotection.gov.uk/dpr/dpdoc.nsf
Z v Finland (1998) 25 EHRR 371
The European Court of Human Rights determined that Z’s medical
records were legally disclosed in proceedings in which her husband was charged
with rape and manslaughter for knowingly infecting his victims with HIV.
However, disclosure of her identity was a breach of Article 8
of the Human Rights Convention, which provides that the protection of personal
data, not least medical data, is of fundamental importance to a person’s
enjoyment of their right to respect for private and family life.
The court held that it is crucial not only to respect the sense of privacy of
a patient, but also to preserve their confidence in the medical profession and
in the health services in general. Without such protection, those in need of
medical assistance may be deterred from revealing such information of a
personal and intimate nature as may be necessary in order to receive
appropriate treatment, and even from seeking such assistance, thereby
endangering their own health and, in the case of transmissible diseases, that
of the community.
Z resisted police attempts to discover her HIV status. The
police then seized her medical records from hospital. They were included in the
court file to be released to the public in 2002. The seizure of records was
lawful because it was in pursuance of the legitimate aim of investigating and prosecuting
a crime and was proportionate.
London Borough of Hammersmith and Fulham v Farnsworth (2000) IRLR 691 EAT
Farnsworth was offered a job subject to ‘medical clearance’.
Her medical records showed she had suffered from mental illness in the past. The
borough’s OH physician reported, "…[although] the GP reports her health
has been good over the last year, in view of her medical history I am concerned
she may be liable to further recurrence in the future… [that would] affect
The employment tribunal found she had suffered disability
discrimination. The borough ignored the reference, which showed no absence from
work in her previous post. The EAT upheld the decision, stating that there was
no valid distinction between the borough and its agent, the OH physician.
They were under a duty to continue any enquiry as to
Farnsworth’s fitness to work. This puts a curious slant on confidentiality. The
applicant’s agreement that her medical records could be disclosed to the
potential employer meant they were deemed to be within the knowledge of the
employer, having been seen by the medical officer. Further, the decision
confirms that an employer cannot rely on the employee/applicant’s failure to
make formal confirmation of disability status to avoid a finding of disability