- Workers have legal right to access information that an employer may hold on them.
- The Data Protection Act contains 8 principles that everyone responsible for using data has to follow.
- All staff have a responsibility under the act to ensure that their activities comply with the Data Protection.
- Data Protection applies when monitoring employee's telephone calls, e mails and CCTV.
- Employees who feel the organisation has misused information or hasn't kept it secure can contact the Information Commissioner's Office.
The Data Protection Act is concerned with respecting the rights of individuals when processing their personal information. This can be achieved by being open and honest with employees about the use of information about them and by following good data handling procedures. The act is mandatory and all organisations that hold or process personal data must comply.
The Data Protection Act contains 8 principles:
- personal data should be processed fairly and lawfully
- data should be obtained only for one or more specified and lawful purposes
- the data should be adequate, relevant and not excessive
- it should be accurate and where necessary kept up to date
- any data should not be kept for longer than necessary
- personal data should be processed in accordance with the individuals rights under the act
- data should be kept secure
- personal data should not be transferred outside the European Economic Areas unless the country offers adequate data protection.
All staff have a responsibilities under the Act to ensure that their activities comply with the Data Protection Principles. Line managers have responsibility for the type of personal data they collect and how they use it. Staff should not disclose personal data outside the organisation's procedures, or use personal data held on others for their own purposes.
Workers have a legal right to access information that an employer may hold on them. This could include information regarding any grievances or disciplinary action, or information obtained through monitoring processes. Arrangements should be in place to deal with requests as a 40 day time limit is stipulated. Information can be withheld if releasing it would make it more difficult to detect crime or the information is about national security. If an employee feels the organisation has misused information or hasn't kept it secure they can contact the Information Commissioner's Office.
Monitoring employees - CCTV, telephone calls, emails
The Data Protection Act will apply if employers are monitoring employees; for example to detect crime or excessive private use of e-mails, internet use etc. However, the act requires that workers should be aware of the nature and reason for any monitoring.
Employers can seek to collect information regarding an employee's health if the employee freely gives consent. Employers should consider why they need the information and exactly what information is needed. This information once collected should be held securely, this could be allowing only one or two people access to the information or by password protecting it. Employers should check that the information collected can be justified.
Acas training - did you know?
Call our Helpline on 0300 123 1100 for free support and advice or to check your workplace policies and practices. The Acas Helpline provides free and impartial advice for employers, employees and representatives on a range of employment relations, employment rights, HR and management issues.
Some feedback about our Helpline from users:
"Acas is invaluable. We have had lots of HR issues and nobody else to ask."
"Everything that I have asked Acas on the Helpline, they have informed us correctly and in full."
Helpline number: 0300 123 1100
Monday-Friday: 8am-8pm and Saturday 9am-1pm
View further information about our Helpline service, including our new Helpline Online on the Acas Helpline page.