Regulation of Investigatory Powers Act 2000 (RIPA)
Came into Force October 2000 – Abogado de accidentes
Purpose is intended to implement article 5 of the Telecommunications Data
Protection Directive (No 97/66).
Communications As far as the interception of internal communications is concerned,
Interception unless there is (expressly or by implication) consent (by both parties to
the communication) to the interception, a criminal offence may be
committed. An employer can only lawfully intercept external
communications without consent if it complies with the provisions of the
Telecommunications (Lawful Business Practice) (Interception of
Communications) Regulations 2000, SI 2000/2699.
The Regs The Regulations create in effect a number of ‘lawful purposes’ whereby
employers can monitor and record communications between parties
without their consent, providing that the employer has made ‘all
reasonable efforts to inform’ every person who uses the
telecommunication system that their communication may be monitored.
Lawful Purposes they include:
1 creating records in case a dispute arises;
2 ensuring compliance with regulatory or statutory rules;
3 customer care;
4 prevention of crime and security against hackers;
5 investigating the unauthorised use of the telecommunications
Data Protection Act 1998 (DPA)
Came into force 1 March 2000
Purpose Under the DPA 1998, privacy attaches to ‘collected personal data’.
What is covered? Protection covers both computer processed personal data if the data was
retrieved ‘by reference to an employee’ as well as paper-based personal
records stored in filing systems ‘by reference to employees or criteria
relating to them’.
Personal Files There are wide-ranging rights for employees to receive copies of their
personal files, to ask for corrections or removal of inaccuracies and to be
told why personal information about them is being kept.
Personal Data The definition of ‘personal data’ appears to be wide enough to cover
appraisals and assessments.
References There is a specific exemption for confidential references.
Processing Data The DPA 1998 applies to the ‘processing of the data’. This covers most of
The routine personnel tasks from the creation of personnel information
to its filing, retention and storage.
Safeguards The Act sets out, by way of stated ‘data protection principles’ some basic
safeguards and controls about data processing. As far as employees
are concerned, these safeguards and controls mean, among other
things, that personal data must:
i. be obtained only for specific and lawful purposes
ii. must be processed fairly and lawfully and
iii. must be kept accurate and up to date.
Sensitive Data There are additional and more severe restrictions on the processing of
‘sensitive’ personal data – this includes data about an employee’s racial
or ethnic origins, political beliefs, physical or mental health, or sex life,
and the commission of offences.
E/ee obtaining details Employees have the right, upon request (and payment of a fee
up to £10), to be told (within 40 days) whether personal data
about them is being processed and, if so, to be told what the
data is, why it is being processed and to whom it is going.
If personal data on one employee contains personal data on
another, that employee’s permission will be needed, or details
may be blanked out.
The Information Commissioner is responsible for freedom of information under the
Freedom of Information Act 2000, which is not due to be
fully in force until November 2005 and has responsibility
for the working and policing of the DPA 1998.
Also includes the publication of codes of practice to
assist those who have control of personal data.
Employment Code In October 2000, the Commission published the first part of the
Employment Practices Data Protection Code. The Code is designed to
assist employers comply with the Act.