Some time back when a US based employee had outsourced his work to a third party in China, the curious case of data protection was once again in the spotlight. These kind of incidents increase unrest among both the employer and the employees about their rights in the workplace when it comes to data protection.
In UK the Data Protection Act controls the use of individual data by organisations, businesses or the government. According to the regulation, everyone to blame for utilising data should adhere to a set of directions called ‘data protection principles’ and should make sure that the data is:
- Used fairly and lawfully
- Used adequately and in relevance
- Used for limited, specifically stated purposes
- Accurate
- Handled according to data protection rights of people
- Kept secure and safe
- Not transferred outside UK without adequate protection
- Stored for no longer than necessary
The DPA also ensures for a more powerful lawful protection for more sensitive information that might include ethnicity, political opinions, religious convictions, criminal records, health and sexual well-being.
It furthermore grants a right to information where you can inquire the government or any other organisation about all the data they have retained about you, by writing to them. The administration would be law bound to provide you with a copy of the information.
Although, in certain cases the data can be denied when it is related to the prevention, detection or investigation of a crime; national security; evaluation or collection of tax and judicial or ministerial appointments. Further, the administration doesn’t have to provide a cause for withholding data in this case.
You might be required to pay a charge (which is generally less than £10) to demand data.
In addition, if you are doubtful that your information is being misused by any organisation, you can contact them directly; also in absence of a satisfactory answer you can approach the data Commissioner’s Office (ICO) directly at 0303 123 1113.
Employers’ and Employee’s Rights
Employers enjoy the privilege to monitor their employees by utilising different means such as CCTV recordings, drug testing, bag searches, checking their worker’s email messages and websites they look at. All monitoring that involves recording data, images or drug testing is protected under DPA.
If a worker is unhappy with this, they can check their employees handbook or contract to see if the employer is allowed to do this. In case it hasn’t been cited, the worker may resign and claim unfair (‘constructive’) dismissal as a last holiday resort after exhausting other means of dispute resolution.
Employers also need to sustain a written policy for conducting searches and they should be done by respecting privacy of individuals, by a member of the same sex and in presence of a witness.
Workers reserve the rights to file for discrimination, assault or false imprisonment if a search or drug test is not managed correctly by the book.
In case of drug testing, employers need to have former consent from workers such as in the form of a full contractual health and safety policy which needs to be mentioned in the agreement or staff handbook. Furthermore employers should limit checking to only workers that need to be tested, ensure that checks are undertook at random and without singling out any specific employee except supported by the nature of their job.
For email, CCTV and other forms of monitoring, employers must clearly mention the amount of monitoring in the employees’ handbook or agreement and inform the employees that they are being monitored. They should also inform them about a reasonable number of personal emails and telephone calls that would be monitored or that individual emails and calls are not forbidden. However, employers can’t supervise workers everywhere in the workplace (for example, toilets), or they would stand in violation of the DPA.
Employers also need to make sure that all data that they assemble should be kept safe, secure and up to date. The type of information that an employer can store about their employee encompasses – name, address, date of birth, sex, education and qualifications, work experience, national insurance number, tax code, disability details and emergency contacts. They can also revise their notes with details of an employee’s employment history with the organisation, employment terms and conditions, any accidents in the workplace and connected with work, training received as well as any disciplinary actions.
In all attenuating factors, the employer should clearly let their workers know about what records are being stored and how they are being utilised, the confidentiality of the records and how they will help with their (employee’s) training and development at work.
An employee can request for a copy of their data from their employer, who will have 40 days to comply with this demand.
Under no circumstances the directions laid down in the Data Protection Act should be broken.