Employment Law Update (March 2009)
Worker Blacklist highlights employer data protection
duties
A recent raid on a business dealing in personal data relating to
certain construction industry workers has highlighted employers'
responsibilities on collecting, dealing with, and safeguarding
employees' or customers' personal data.
A business called "The Consulting Association" was raided by
officers from the Information Commissioner's Office ("ICO"). The
ICO is responsible for ensuring compliance with the Data Protection
Act. It is alleged that the Consulting Association kept
records on 3,213 individuals, including details about their trade
union activities and employment conduct. There were also details of
around 40 businesses which it is alleged used the services of The
Consulting Association to vet applicants for work on construction
sites.
The ICO has seized the data files, and served an enforcement
notice on the owner of The Consulting Association. The ICO has
stated that it will prosecute The Consulting Association and is
considering what action to take against the firms which used its
services.
The case highlights the following points
- Holding and using data that relates to living individuals,
including employees and customers, without registering with the ICO
(a process called "notification") in most cases will be a criminal
offence;
- Businesses which hold personal data must comply with the eight
"data protection principles" when dealing with it;
- Individuals who suffer loss or damage as a result of unlawful
holding or use of personal data can go to court to claim
compensation from the business that held the data.
A reminder about the Data Protection Act
- Any business which holds "personal data" (data which relates to
living individuals) needs to register with the Information
Commissioner's Office ("ICO"). This process is called
"notification". Details can be found on the ICO website: http://www.ico.gov.uk/
- The cost of Notification is £35 while the maximum fine for
failure to notify is £5,000.
- Personal data can only be held or used in accordance with eight
"Data Protection Principles".
- Employees and customers have the right to see what information
is held about them by a business, although the business may charge
a small fee of up to £10 for dealing with such requests.
If you need further information about how the data protection
act affects your business, please view information on the following
link:
https://www.rbsmentor.co.uk/clientarea/essentials_el.aspx