The Data Protection Employment Practices Code deals with the impact of data protection laws on the employment relationship.
The Information Commissioner's Office (ICO) who regulators data protection laws in the UK intends the Code to help employers comply with the Data Protection Act and to encourage them to adopt good practice. The code aims to strike a balance between the legitimate expectations of workers on how their employers will properly handle personal information about them and the legitimate interests of employers in deciding how best, within the law, to run their own businesses.
The Data Protection Employment Practices Code does not impose new legal obligations.
The Code covers issues such as the obtaining of information about workers, keeping records, access to and disclosure of, records.
Not every aspect of The Data Protection Employment Practices Code is relevant to every organisation – this will vary according to size and the nature of its business. Some of the issues addressed may arise only rarely – particularly for small businesses. Here, regulators intend the Code to serve as a reference document and use it on when necessary.
Why is the Data Protection Employment Practices Code important?
Following the code will:
- increase trust in the workplace – there will be transparency about information held on people, thus helping to create an open atmosphere where workers have trust and confidence in employment practices.
- encourage good housekeeping – following the code encourages organisations to dispose of out-of-date information, freeing up both physical and computerised filing systems and making valuable information easier to find.
- protect organisations from legal action – adhering to the code will help employers to protect themselves from challenges against their data protection practices.
- encourage workers to treat customers’ personal data with respect – following the code will create a general level of awareness of personal data issues, helping to make sure that organisations look after information about their customers.
- help organisations to meet other legal requirements – the Code is consistent with other legislation such as the Human Rights Act 1998 and the Regulation of Investigatory Powers Act 2000 (RIPA).
- help global businesses to adopt policies and practices which are consistent with similar legislation in other countries – the ICO has written the Code to reflect legal requirements set out in EC Directive 95/46/EC (The Data Protection Directive). The Code is therefore compliant with data protection laws in other European Union member states.
- help to prevent the illicit use of information by workers – informing them of the principles of data protection, and the consequences of not complying with the Act, should discourage them from misusing information held by the organisation.