Data protection

Felicity AlexanderEditor's message: To comply with their obligations under the Data Protection Act 1998, employers need to know what type of information is included within the ambit of “personal data” protected by the Act. Our Employment law manual, Employment law manual > Personal data > Data protection, explains the meaning of the terms used in the Act and how an employer can comply with the Act.

The Employment law manual also covers the right of an employee to access personal data held by the employer by making a subject access request. We have a range of model forms to help employers deal with subject access requests: Policies and documents > Protecting your business > Data protection. These forms take into account the subject access code of practice issued by the Information Commissioner's Office.

From 10 March 2015, it is a criminal offence for employers to require job applicants and existing employees to obtain and provide a copy of their criminal record by making a subject access request to police authorities. Where employers wish to legitimately obtain information about the criminal record of an employee or prospective employee, they should request a check through the appropriate criminal records disclosure scheme. This procedure is explained in our Good practice manual > Recruitment and selection > Managing the process following a selection decision > Conducting background checks.

There are data protection issues around employees using their own devices for work purposes, both in relation to the storage of personal data of other employees in the organisation and the extent to which employers can monitor employees’ use of these devices. We have a model policy specifically covering employees’ personal equipment: see Policies and documents > Policy on the use of personal devices for work/bringing your own device to work.

Felicity Alexander, employment law editor

Latest items in Data protection