|
Updating author: Marc
Meryon
On this page:
Summary
Future developments
Action point checklist
Key
references
Questions and answers
Meaning of terms
Manual or paper-based
files
Meaning of "personal data"
Meaning of "sensitive personal data"
Meaning of "processing"
Duties of
employers
The eight data protection
principles
Subject access rights
References
Data likely to cause damage
or distress
Correction, removal or destruction of
inaccurate or misleading data
Transitional provisions
to 24 October 2007
Enforcement
Notification
Employment practices data
protection code
Summary
3.103
- The Data Protection Act 1998, which implements the Data Protection
Directive (95/46/EC), came into force on 1 March 2000. (repealing and
replacing the Data Protection Act 1984)
- The Data Protection Act 1998 embraces all forms of personal data, whether
held on computer or in a relevant filing system, for example in paper-based
personnel files. (See 3.106 Manual or paper-based
files)
- In an employment context, the term personal data includes not only facts
and opinions about a particular employee but also information about the
employer's intentions in respect of that employee. (See 3.107 Meaning of "personal data")
- The Data Protection Act 1998 lays down rules concerning the processing of
sensitive personal data - meaning data about an individual's racial or ethnic
origins, political opinions, religious or other beliefs, trade union
membership, health, sex life or sexual orientation, criminal proceedings or
convictions. (See 3.108 Meaning of "sensitive
personal data")
- Data subjects have the right to be told about and to be provided with
intelligible copies of any personal data held on computer or in a paper-based
filing system. (See 3.112 Subject access rights)
- Data subjects also have the right to apply to the High Court or a county
court for an order directing the data controller to rectify, block, erase or
destroy any such personal data that is inaccurate. (See 3.112 Subject access rights and 3.116 Transitional provisions)
- The Information Commissioner has significant powers under the Data
Protection Act 1998 and may serve an enforcement notice on any employer that
has contravened any of the eight data protection principles embodied in the
Act. (See 3.117 Enforcement)
- The "Employment practices data protection code" provides guidance for
employers on data protection issues related to the recruitment and selection
of workers, the maintenance of employment records, the monitoring of workers
and the processing of information about workers' health. (See 3.119 Employment practices data protection code)
Back to top
Future developments
3.104 With effect from 6 April 2010, the Information
Commissioner is expected to have the power to order organisations to pay up to
£500,000 as a monetary penalty in the event of a serious breach, by a data
controller, of any of the data protection principles set out in the Data
Protection Act 1998. The Information Commissioner may impose a monetary penalty
if satisfied that: the breach is likely to cause substantial damage or distress;
the breach was deliberate; and the data controller knew or ought to have known
that there was a risk that the breach would occur and was likely to cause
substantial damage or distress, but failed to take reasonable steps to prevent
it. |
|
Top
Back
|
