The Employers Code of Practice

The Information Commissioner’s Office (ICO) issues a number of guides relating to privacy. These explain how businesses can operate within the law when it comes to protecting the confidentiality of people both within and outside them.

The Framework Code of Practice for Sharing Personal Information

The Framework Code of Practice provides employers with a policy framework designed to ensure that they operate in accordance with the Data Protection Act. This advice is appropriate for all organisations in the UK, including those in the voluntary and public sectors.

Some of the key recommendations are as follows:

• Sharing must only take place when it is necessary, and what is shared has to be relevant and not excessive.
• Personal details must be processed fairly. In particular, the person must know who your company is and what the collected facts will be used for.
• The knowledge retained will be appropriate in scope and accurate in content.
• Retention periods must be specified and adhered to.
• Appropriate technical and organisational safeguards will be in place.
• People will have access to what is held about them.

The Employment Practices Code

A separate but related document issued by the ICO is The Employment Practices Code. This is designed to protect details about employees, unlike the Framework Code of Practice, which covers measures for appropriate handling of all personal data.

Specifically, the Code covers the privacy of all workers, including the following:

• applicants and former applicants, whether or not their applications were successful
• employees
• agency staff
• casual staff
• contract staff

Here are some of the general recommendations from the Code:

• Nominate someone to have responsibility for ensuring compliance with the Data Protection Act.
• Make serious breaches of the rules a disciplinary matter.
• Consult with workers and trade unions when formulating your policy.

Recruitment and Selection

The first part of The Employment Practices Code relates to recruitment and selection. Here are some highlights:

• Ensure that applicants are made aware of all parties that are part of the process, such as the prospective employer and any recruitment agencies used.
• Only seek knowledge that is relevant to the recruitment process. Previous criminal convictions, for example, are generally irrelevant unless the job type is specifically mentioned in the Exceptions Order to the Rehabilitation of Offenders Act 1974.
• Ensure that everything recorded during interview is relevant to the recruitment process.
• Explain what, if any, third parties will be contacted in relation to the application.
• Only keep relevant facts from the recruitment process.

Employment Records

The second part of the Code relates to the personnel records of workers. It covers the following topics, and you should consult it directly for the details:

• general record-keeping
• security
• sickness and injury
• pensions and insurance
• equal opportunities
• marketing
• detection of fraud
• workers’ rights to see their own records
• references
• disclosure and publication
• business re-organisation
• discipline
• outsourcing data processing
• record retention

Monitoring at Work

The penultimate part of the Code concerns systematic monitoring in the workplace.

Employers should judge whether any of the monitoring procedures they put in place have an adverse impact of their staff, and consider alternatives where this proves to be the case.

This section gives some core principles, which can be summarised as follows:

• Monitoring of employees is usually intrusive.
• Workers are entitled to a degree of privacy at work.
• Monitoring should only be used where it will deliver real benefits to the business.
• Workers should be made aware of the monitoring that takes place, unless the circumstances are exceptional.

Workers’ Health

The final section is concerned with records relating to the health of employees. It contains general considerations about workers’ health and the operation of occupational health schemes. There is specific discussion of the handling of facts derived from testing workers medically, genetically and for the presence of drugs and alcohol.

Getting More Information

If you are responsible for shaping your organisation’s privacy policies, or are involved in the recruitment of staff, then you may wish to read the full text of these two sets of guidelines. Both are available for download from the Information Commissioner’s website.