Tag Archives: workers

MONITORING AND DATA PROTECTION IN THE WORKPLACE

Regulation of Investigatory Powers Act 2000 (RIPA)

Came into Force October 2000 – Abogado de accidentes

Purpose is intended to implement article 5 of the Telecommunications Data

Protection Directive (No 97/66).

Communications As far as the interception of internal communications is concerned,

Interception unless there is (expressly or by implication) consent (by both parties to

the communication) to the interception, a criminal offence may be

committed. An employer can only lawfully intercept external

communications without consent if it complies with the provisions of the

Telecommunications (Lawful Business Practice) (Interception of

Communications) Regulations 2000, SI 2000/2699.

The Regs The Regulations create in effect a number of ‘lawful purposes’ whereby

employers can monitor and record communications between parties

without their consent, providing that the employer has made ‘all

reasonable efforts to inform’ every person who uses the

telecommunication system that their communication may be monitored.

6

Lawful Purposes they include:

1 creating records in case a dispute arises;

2 ensuring compliance with regulatory or statutory rules;

3 customer care;

4 prevention of crime and security against hackers;

5 investigating the unauthorised use of the telecommunications

system.

Data Protection Act 1998 (DPA)

Came into force 1 March 2000

Purpose Under the DPA 1998, privacy attaches to ‘collected personal data’.

What is covered? Protection covers both computer processed personal data if the data was

retrieved ‘by reference to an employee’ as well as paper-based personal

records stored in filing systems ‘by reference to employees or criteria

relating to them’.

Personal Files There are wide-ranging rights for employees to receive copies of their

personal files, to ask for corrections or removal of inaccuracies and to be

told why personal information about them is being kept.

Personal Data The definition of ‘personal data’ appears to be wide enough to cover

appraisals and assessments.

References There is a specific exemption for confidential references.

Processing Data The DPA 1998 applies to the ‘processing of the data’. This covers most of

The routine personnel tasks from the creation of personnel information

to its filing, retention and storage.

Safeguards The Act sets out, by way of stated ‘data protection principles’ some basic

safeguards and controls about data processing. As far as employees

are concerned, these safeguards and controls mean, among other

things, that personal data must:

i. be obtained only for specific and lawful purposes

ii. must be processed fairly and lawfully and

iii. must be kept accurate and up to date.

Sensitive Data There are additional and more severe restrictions on the processing of

‘sensitive’ personal data – this includes data about an employee’s racial

or ethnic origins, political beliefs, physical or mental health, or sex life,

and the commission of offences.

E/ee obtaining details Employees have the right, upon request (and payment of a fee

up to £10), to be told (within 40 days) whether personal data

about them is being processed and, if so, to be told what the

data is, why it is being processed and to whom it is going.

If personal data on one employee contains personal data on

another, that employee’s permission will be needed, or details

may be blanked out.

The Information Commissioner is responsible for freedom of information under the

Freedom of Information Act 2000, which is not due to be

fully in force until November 2005 and has responsibility

for the working and policing of the DPA 1998.

Also includes the publication of codes of practice to

assist those who have control of personal data.

Employment Code In October 2000, the Commission published the first part of the

Employment Practices Data Protection Code. The Code is designed to

assist employers comply with the Act.