How confident are you that you are complying with the Data Protection Act?
All businesses, regardless of size, will hold some data about their clients and employees. Whether this data is stored in paper format or electronically on PCs, disks or memory sticks, the same rules apply to all of it, and it's imperative that the data held complies with the Data Protection Act.
How confident are you that you are complying with the Data Protection Act (DPA)?
In November this year a marketing company breached the Data Protection Act, resulting in the company being fined £70,000 by the Information Commissioner's Office (ICO). The ICO also imposed a £180,000 penalty on the Ministry of Justice over serious failings in the way prisons had been handling their information (report).
The Data Protection Act applies to all data, and employers must follow strict rules, known as the Data Protection Principles, which lay out very clearly what must be done.
So, what can employers do to ensure that they are following best practice when it comes to managing their own data? Here's some helpful advice that you could consider adopting.
- A good way to start would be to familiarise yourself with the Data Protection Act and the 8 data protection principles. It’s critical that you are following these 8 principles.
- Data that is classed as 'Sensitive Data', e.g. health conditions, sexuality and criminal records, should be treated with additional care.
- How clear is your Data Protection policy? Clear and up-to-date policies are very important. The policies and guidelines should be clear to all staff who deal with your data, so that they clearly understand the responsibility they hold. The principles run through a number of QCS policies, for example:
  - Access to Information Policy and Procedure
  - Monitoring of Business Communications Policy and Procedure
  - CCTV Policy and Procedure
  - Social Networking Policy and Procedure
- Under the DPA you are obliged to ensure you have adequate security measures in place to reduce the potential of any theft of your data. The following policy covers what to do if there is a breach:
  - Data Security Breach Policy and Procedure
- Finally, keep all your data up-to-date, as you may be contravening the DPA by holding out-of-date records.
The maintenance and protection of data storage in businesses is always a sensitive subject, but following these tips should help to eliminate any problems that you may encounter with your records.
Anita Manfredi of Employer Solutions – QCS HR Expert Contributor
*All information is correct at the time of publishing