A Basic guide to Data Protection
As from 24th October 2001 almost all provisions of the Data
Protection Act 1998 came into effect. From that date, all processing
of automated or manual data must be fully compliant with the provisions
of the 1998 Act.
The following definitions apply:-
Personal Data -
Data, stored electronically or in a manual filing system, relating
to a living individual who can be identified from that data and/or
other information in the possession of the data controller.
Data Controller
A person who determines the purposes for which data are processed.
The definition does, however, extend to outside third parties to whom
employers provide information, e.g. payroll services.
Data Subject
The person to whom the personal data relates.
Data Processor
A third party (not an employee) processing data on behalf of
a data controller, e.g. a payroll agency.
With effect from 24th October 2001, all processing of automated
or manual data must be fully compliant with the provisions of
the 1998 Act, which imposes three principal obligations on data
controllers, being:-
- To notify the Office of the Information Commissioner in order to acquire an entry in the Public Register maintained by the Commissioner. Processing personal data without a notification (where notification is required) is a criminal offence.
- To ensure that processing complies with the eight data protection principles. The principles regulate the purposes for which personal data shall be obtained, the quality of the data including its accuracy, and the length of time for which the data may be retained. The duty to comply with the principles applies to all data controllers, not merely those who have to notify.
- To observe the rights that data subjects are granted in respect of data held relating to them.
Processing -
Includes nearly everything from basic storage to any form of
manipulation of data including deletion.
Sensitive Personal Data
In addition to satisfying the eight data protection principles,
employers wishing to process Sensitive Personal Data (Personal
Data about the Data Subject's racial or ethnic origin, political opinions,
religious beliefs, membership of trade unions, physical/mental
health, sex life and criminal offences) must satisfy one of ten
further conditions, including:-
- having the explicit consent of the employee to the processing of the data;
- that the processing is necessary to perform some right/obligation imposed by law on the Data Controller in connection with employment, e.g. administration of sick leave;
- that the information contained in the Personal Data was deliberately made public by the employee;
- that the processing is necessary for legal proceedings, obtaining legal advice or establishing, exercising or defending legal rights;
- that the processing is necessary for equal opportunities monitoring in relation to race/ethnic origins;
- that the processing is necessary for the prevention/detection of an unlawful act.
Access
An individual who pays a £10.00 fee and makes a request
in writing is entitled, within forty days:-
- To be informed by the Data Controller whether any Personal Data is being processed by or on behalf of the Data Controller;
- To a description of any Personal Data being processed, the purposes for which it is being processed, and to whom the Personal Data has been or may be disclosed;
- To receive copies of any Personal Data in an intelligible form.
Sources of further information
The Office of the Data Protection Commissioner. A useful website
containing a guide to the Data Protection Act 1998 and identification
of areas where data protection is relevant: www.dataprotection.gov.uk
The Home Office website which provides background information
on the Data Protection Act and related statutory instruments www.homeoffice.gov.uk/ccpd/dpsubleg.htm
The TUC provide a guide to surveillance at work, summarizing
the law and providing guidelines and good practice:
www.tuc.org.uk/law/tuc-2684-FO.cfm
Employers with wholly manual personnel records who carry out
no other data processing will now be caught by the provisions
of the Act. Personal data may consist of no more than a name and/or
address if the individual employee can be clearly identified.
Employers should appoint a compliance officer, check whether
notification is required and/or up to date, ensure that their
processing and security systems are audited, and that self-audits
are conducted regularly.
Old and unnecessary data should be deleted, and subject access
requests dealt with within the time limits laid down. An express
consent clause to the processing of data for the purposes of the Data
Protection Act is recommended in all Contracts of Employment and/or
Employee Handbooks.