Nationwide Employment Lawyers
Legal enquiries and clients : 0333 242 3851
Get in Touch
Service Rating: Damian McCarthy 5 starts - Service Rate
  • About Us
    • Contact
    • Howell John
    • Damian McCarthy
    • Simon Armstrong
    • Case Studies
    • Employment Law News
  • Employee Services
    • Questionnaire
    • Contact
    • Locations
    • Dismissal
    • Whistleblowing Law
    • Discrimination
      • Sex discrimination
        • Maternity rights in employment
        • Pregnancy or maternity discrimination
        • Returning to work and flexible working
        • Health and safety for pregnant women in the workplace
        • Sexual Harassment
      • Disability discrimination
      • Race discrimination
    • Equal Pay
    • Bullying and Harassment
    • Family Friendly Rights
    • Disciplinary and grievance hearings
    • Contracts
    • Transfer of Undertakings
    • Agency workers and part time workers
    • Privacy at work
    • Constructive dismissal
    • Resignation letter templates
      • Constructive dismissal letter template
      • Standard notice resignation letter template:
      • Short or long notice request template
    • Health and Safety at Work
  • Locations
    • London – Berkeley Square
    • London – Canary Wharf
    • London – Croydon
    • London – Hammersmith
    • London – High Holborn
    • London – King’s Cross
    • London – Liverpool Street
    • London – London Bridge
    • London – Richmond
  • Case Studies
    • A v PWC
    • P v S (confidential)
    • Moira Stuart quits, reigniting BBC ageism row
    • Married HBOS bank manager propositioned by colleagues
  • News
  • FAQ
  • Contact



Privacy at work

When personal or sensitive personal data is stored or handled by an employer’s relevant filing system (such as manual or paper files, a computer, or another type of electronic device), the Data Protection Act 1998 (the ‘Act’) will apply. Handling or processing may include getting hold of, recording, modifying, retaining or deleting information, and a ‘relevant filing system’ must be a highly structured filing system, such as one that is similar to a computer, rather than a system that just uses chronological order. This piece of legislation requires that the data belonging to the ‘data subject’ (in this case an employee) is held in a fair and proper way by the ‘data controller’ (in this case an employer).

 

The Act will protect data that affects the privacy of a living, identifiable person, whether that data is opinion or factual. Although a name being mentioned in a document is unlikely to be considered personal data, if information has been changed to conceal the identity of a living person – where a data controller can still identify the person – that will still be considered personal data.

 

Data protection principles

 

There are eight data protection principles that govern the way personal data can be processed:

 

1. There must be a specific purpose for data to be taken and processed.

2. The data must transferred outside the European Economic Area only where there are proper safeguards.

3. Data should only be held for as long as is necessary.

4. Data should be sufficient, pertinent and not excessive.

5. The data must be kept safe.

6. The data must be processed in accordance with the rights of individuals.

7. The data must be taken and processed for specified purposes.

8. The data should be processed fairly and lawfully. Fair processing will require there to have been consent from the data subject, and a reason for the processing – for example, that it is necessary for compliance with a legal obligation, to carry out a contract with the data subject, or protect their vital interests, to perform a public purpose, such as the administration of justice, or in pursuance of an organisation’s legitimate interests where the individual’s rights are not prejudiced.

 

With respect to sensitive data, there are additional rules. Subjects where personal data is likely to be considered sensitive include race, health, sex, or a criminal record. Sensitive data processing also requires one of the following:

 

Unambiguous consent from the data subject; a requirement to perform the processing to carry out a legal obligation connected to employment; that the processing is necessary for legal proceedings or the administration of justice; that it is required by a health professional for essential medical purposes; or that the processing is carried during the legitimate activities of a non profit organisation.

 

If the conditions are not met, data processing will be unlawful.

 

The right to see information

 

One of the key rights under the Act is the right of an individual to see information held on them where the Act applies to that information – for example, employment records. The way this information is viewed is via a written subject access request that is made to the data controller. There is a deadline of within 40 days to respond to the request and the data controller can charge for providing the information (this could be up to £10 (£2 for a request for limited information from a credit reference company and £50 for medical records)).

 

A subject access request will require a data controller to provide the data subject with a description and a copy of all the information that the controller holds on the subject, details of where this has come from and an explanation of any codes used, details of those who have potentially received the data, and the reason why the data controller has held or processed the information. Examples of where this may be used in the workplace include where an employee wants to obtain copies of various emails that concern a disciplinary hearing, or where an employee wants to see a copy of their personnel file.

 

The Information Commissioner

 

The Information Commissioner is the body that oversees data protection legislation – both the Act and the Freedom of Information Act 2000, under which information can be requested from a public authority by an individual or organisation (that public authority must tell the applicant whether or not it holds the information within 20 days and then provide the information or state an exemption as reason why it doesn’t have to be provided.) The Information Commissioner is government appointed.

 

The Data Protection Code is something that has been issued by the Information Commissioner. It is not legally binding but is a good starting point to take steps to resolve issues with data protection. If it is not followed this may be cited in any enforcement notices that the Information Commissioner may issue against an organisation for not complying with the Act.

 

Claiming

 

If a data subject suffers financial loss or distress (in limited circumstances if distress is the only claim) because there has been a breach of the Act’s provisions, then a right to claim compensation arises. In addition to awarding compensation to a data subject, a court may decide to order inaccurate data is amended or destroyed.

 

Where is the Act relevant?

 

There are some very specific examples of situations in which the Act could apply. For example, a recruitment agency should always have an employee’s consent to pass on information about that employee to an employer. The agency should only request information from the employee that is relevant to the job application and an employee must be told if any information on them is to be requested from someone else (for example, requesting a reference from a previous employer). (See Part 1 of the code for recruitment and selection and Part 2 for record keeping in employment).

 

In terms of references there is an exemption in the Act which means that an employer does not have to provide details of a reference they have written in confidence, or reveal the identity of the reference writer (or any other third parties). In fact, references are generally allowed if they don’t identify a third party. It is not sufficient to take measures to conceal the identity – for example just to blank out the name of the third party (in this case the reference writer) – because if the content of the reference could identity that person, employers can consider withholding the reference.

 

Workplace monitoring (see Part 3 of the Code) is another area where an employer must ensure that the provisions of the Act are being complied with. The monitoring of emails, phone calls and internet use must be in accordance with the Regulation of Investigatory Powers Act 2000, as well as the DPA, which may also apply to areas like the recording of sent emails (depending on the monitoring and record keeping procedures).

 

The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 require the interception to be only for the purposes of monitoring, or keeping a record of, relevant business communications, otherwise consent is required.

 

According to Part 3 of the Code any monitoring must not intrude unnecessarily on employees’ privacy or autonomy at work and the benefit of monitoring should be looked at against the negative effect on the workforce. Where the negative effect is not proportionate to the business reason for which the monitoring was introduced, the Code recommends that monitoring should not be used.

 

Covert monitoring is rarely justifiable and an employer should introduce a policy explaining to employees the reasons for monitoring and how the monitoring is being carried out.

 

Any retention of medical tests will trigger the Act’s provisions (see Part 4 of the Code). Here there should be an ‘impact assessment’ to establish whether there is a less intrusive alternative.

 




Social Share
  • google-share

Our specialist areas of law

  • Employment Tribunals
    • Employment Tribunals London
  • Dismissal
    • Unfair Dismissal
    • Constructive Dismissal & Resignation Advice
    • Compromise agreements
    • Executive Dismissal
    • Whistleblowing Law
    • Redundancy claims
    • Age Discrimination & Redundancy – Protection for all Ages In Redundancy
    • Collective redundancy
  • Whistleblowing
    • Whistleblowing Law
  • Discrimination (overview)
    • Discrimination at work – overview
  • –– Sex Discrimination
    • Maternity rights in employment
    • Pregnancy or maternity discrimination
    • Returning to work and flexible working
    • Health and safety issues for pregnant women in the workplace
  • –– Disability discrimination
    • Disability discrimination
  • –– Race discrimination
    • Race discrimination
  • –– Age discrimination
    • Age discrimination in recruitment and selection
    • Age discrimination – your rights at retirement
    • Age discrimination and redundancy – protection for all ages in redundancy
    • Age discrimination and pensions
    • Age discrimination and benefits
  • –– Sexual-orientation discrimination
    • Sexual-orientation discrimination in goods and services
  • –– Religious discrimination
    • Religious discrimination
  • –– Gender reassignment discrimination
    • Gender reassignment discrimination
  • Equal pay
    • Equal pay
  • Bullying and Harassment
    • Bullying and harrasment at work
  • Family-friendly rights
    • Family leave
    • Maternity rights in employment
    • Pregnancy and maternity discrimination
    • Return to work and flexible working
    • Health and safety for pregnant women in the workplace
    • Paternity rights
    • Maternity
    • Part-time workers
  • Disciplinary and Grievance Hearings
    • Disciplinary Hearings & Procedures
    • Grievance procedures
  • Contracts
    • Bonus disputes and discrimination
    • Bonus disputes
    • Bonus discrimination & The Risks Associated With It
    • Contract disputes and permanent health insurance
    • Employment contract disputes – restrictive covenants
  • Transfer of Undertakings
    • Transfer of undertakings (TUPE)
  • Agency Workers and Part Time Workers
    • Agency workers
    • Part-time workers
  • Privacy at Work
    • Privacy at work
  • Letter Templates
    • Constructive dismissal letter template
    • Standard notice resignation letter template:
    • Short or long notice request template

Contact Us

  • We will be able to help you quickly if you leave us a contact phone number. We keep this strictly confidential.
  • This field is for validation purposes and should be left unchanged.

Quick Links

Navigation

About Us
Employee Services
Locations
Case Studies
News
FAQs
Contact

Terms

Privacy statement
Terms

Copyright Notice | Disclaimer | Website Terms & Conditions | Privacy Statement
ACAS | EHRC
Nationwide Employment Lawyers Ltd is Authorised and Regulated by the Financial Conduct Authority. For peace of mind you can find information about our authorisation by checking the Registration number 838365 on the Financial Services Register : register.fca.org.uk. Please note all telephone calls are recorded, as required by the regulator. Nationwide Employment Lawyers Ltd is not a firm of solicitors. Instead we offer an exceptional level of service using specialist employment law Solicitors, Barristers and a Senior Advocate.
Please contact us using either the questionnaire, quick contact form (above) or telephoning us on 0333 242 3851.