Business Brian
Administrator
Hero Member
Posts: 1034
|
 |
« on: January 04, 2004, 11:49:49 AM » |
|
If your organisation holds personal data on employees (or other data subjects) either electronically or on paper, you should register with the Data Protection Registrar. This costs £35 per year. Failure to do so is a criminal offence.
Employees have the right to gain access to the personal data held on them within 40 days of their request. This will include personnel files, memos, and e-mail about them. Confidential references given by the employer are excluded from the right but references from third party held by the employer are not.
In practice employers would be wise not to commit to paper or e-mail opinions about an employee that they would not wish that person to see.
Once registered, you must only use or disclose the data for the purposes entered on the registrar and must adhere to the data protection principles. Those principles include (amongst other things) ensuring the data is adequate, relevant, and not excessive, accurate, and up to date.
In practice, personnel files should be regularly looked at to ensure compliance with these principles.
Key Points:
- You may need to register with the Data Protection Agency
- Once registered you must adhere to the data protection principles
- Employees have the right to access their personal data within 40 days of request.
[/font]
|
Author