Hand £10 over to your employer and you can gain access to
confidential company records on your performance as an employee,
writes Roisin Woolnough.
Individuals have had the right to view sensitive information about
themselves, such as sickness records, disciplinary or training
records, appraisal notes, e-mail logs and general personnel files,
since the Data Protection Act 1998 came into force in 2000.
The Office of the Information Commissioner - an independent
government body that promotes observance of the Data Protection Act
and can serve enforcement notices to oblige companies to comply
with the law - is in the process of issuing a code of practice that
interprets the Data Protection Act.
"It is the commissioner's view of good practice," says Iain Bourne,
strategic policy manager at the Office of the Information
Commissioner. "It is a comprehensive description of the Act, with
its own set of standards."
The commissioner interprets various acts, issuing guidelines on how
employers should comply with them. While the codes of practice do
not have legal status, they often act as a benchmark at employment
tribunals as to how employers should behave.
"It won't ever take on the status of statutory law," says Bourne.
"But once a code of practice has been issued it can take on a
quasi-legal force in its use. There are things that the code states
as good practice that you cannot do and still comply with the Data
Protection Act."
Diane Sinclair, employee relations advisor at the Chartered
Institute of Personnel and Development (CIPD) says that, as with
Advisory, Conciliation and Arbitration Service (Acas) codes, should
an employer be found to have ignored the code of practice at a
tribunal it will most likely count against them.
"Employers will be vulnerable if they have not followed the code,
but will not automatically be in breach of the law," she explains.
"You don't have to follow the code, but as the code interprets the
principles of the Act, you have to show that you have followed the
principles of the code.
"The Acas code of practice on grievous and disciplinary procedures
is frequently cited in tribunal cases of unfair dismissal, when
people have not followed it."
Sinclair thinks the information commissioner's code of practice
could have a big impact on how employers and employees behave. She
criticises the Data Protection Act for not being very clear or
accessible for either employers or employees and welcomes the
code's clarification of it.
Originally, the code was presented as one booklet, but Sinclair
says the CIPD and other industry bodies felt it was too long and
confusing and called for it to be broken down into separate
parts.
The result is that the information commissioner is now issuing the
code in four parts, the first part of which is currently available
and covers recruitment and selection.
The second part, which Bourne predicts will be available to the
public in a few weeks' time, covers the collecting, storing,
disclosure and deletion of records, while the other two cover
monitoring at work and medical testing. Workplace monitoring
concerns the individual's use of telephones, e-mail, the Internet
and vehicles. Medical testing concerns occupational health, drugs
and genetic screening.
Sinclair is looking forward to the publication of the section on
e-mail and Internet use. "This is the one to watch, as part of the
original code said accessing soft porn was acceptable," she says.
"We criticised that very strongly indeed."
What information can I access?
Individuals are barred
from accessing certain information, such as data relating to
criminal investigations, promotion, transfer or redundancy plans.
Once an employee has submitted a written "subject access request"
(either by letter or e-mail), their employer must process it within
40 days. Information that an employee might typically find should
they access their records includes:
- Salary and bank account details
- Sickness records, covering physical and mental health
- Disability details
- Racial origin information
- Trade union membership details.
Know your rights
Useful sources for finding out more
about the Information Commissioner's code of practice, the Data
Protection Act 1998 and employee rights: