Legal Article - Employment Law

Data Protection: Principles of Good Practice

Employers should consider their use of data, why they need it, what they use it for and how long they keep it.

A system should be put in place to ensure that the information is accurate and updated regularly and can be disposed of once it is no longer necessary for its purpose. Employees could be given copies of the information held on them on an annual basis and asked to confirm the accuracy of the information.

Employers need to be able to identify which data they have, why they have it, and who can access it in order to prove if necessary that they have taken all reasonable steps to prevent any loss occurring.

A person should be appointed to take overall responsibility within the company for the way it collects information, how that data is stored and by whom, and how it can be processed by its subject and kept confidential. This person would also be responsible for how data is disclosed internally and externally and to whom.

Employers will also need to comply with the Code of Practice on the Use of Personal Data issued by the Data Protection Commissioner. It covers standards in relation to data generated in recruitment, shortlisting, interviewing and selection procedures; retention of records; access by management, third parties and the subject to employee files; and recording of disciplinary decisions.

In addition recommendations about the monitoring and use of telecoms facilities, including personal e-mails and access to internet sites, are included.


In particular, the Code says that employers should only monitor after first establishing that there is a problem that calls for monitoring. In respect of e-mail, it suggests that the first step would be to carry out “traffic” monitoring to determine whether the system is being abused, and in relation to telephone monitoring it suggests that an itemised call record may be an appropriate initial step.

The Code makes it clear that there should be monitoring where there is a clear business need and the methods used to carry it out should be proportionate and not unduly intrusive into an individual’s privacy.

 

Published: 27 May 2011

Comments

To ensure you are a real person signing up and to prevent automated signups (spamming) could we ask you to copy the letters and numbers shown below into the box.

(cAse SeNSItivE!)

There are no comments



Share this Article


Related Articles

Employment Law Downloads