Controlling Access to Personal Information
Personal information has value and must be safeguarded. It is understandable that people wish to keep private all manner of information about themselves. When they trust their information to an organisation, that organisation has a duty of care to secure the details and to use them responsibly.
In fact, their responsibility extends beyond a duty of care – companies have a legal obligation to collect, use and store personal records responsibly. The Data Protection Act 1998, enforced by the Information Commissioner’s Office, governs how UK businesses may handle knowledge about living people.
Customers
When a company collects facts about its customers, it must state how it intends to use and store them and must not do something else instead. Businesses may not pass their lists on to third parties without consent, and must not keep the contents longer than necessary.Employees
Although the Data Protection Act is usually thought of in terms of knowledge about customers, it is equally applicable to the details a business holds about its own employees.The Human Resources department will keep records about their staff. This will cover the obvious things such as addresses and telephone numbers. Staff that are paid electronically into their bank accounts will also have handed over their bank details, and records will be kept of national insurance numbers, tax codes and the total remuneration package they receive. All of these things have some value to people outside the organisation: fraudsters looking to commit identity theft, or the company’s competitors who would like to know how much they pay their staff.
Because of this, it is important that records about employees are held securely, and that the right to use them is rigorously controlled.
Practical Measures to Control Access to Information
Suppose a company keeps a computerised list of its personal customers. This represents a major business asset, and it should be defended. It could be very harmful, for example, if an employee were to be poached by a competitor and decided to take a copy of all the customer records to his or her new job!So it makes sense for the company to hold customer records in a form that cannot easily be copied; at the very least, such copying should be logged by the system. Just think of all the bad publicity that has come from government departments losing people’s records that should never have been copied to unsecured systems in the first place.
Stringent security measures not only secure the assets of the company, but they also protect the individuals to whom the data relates. Other things that can help are granting rights on a “need to know” basis, and using passwords and encryption.
Even if personal information is being held on paper, there needs to be adequate physical security in place to control who has access to it.
Defending Your Own Information
Under the Data Protection Act, you have the right to access information held about you and to correct it if it is inaccurate. This right is known as subject access. You may have to pay a small fee to cover the administration of your request.NB*The EU General Data Protection Regulation (GDPR) superseded the UK Data Protection Act 1998 on May 25, 2018. The new policy expands the rights of individuals to control how their personal data is collected and processed. It places a range of new obligations on organisations to be more accountable for data protection.
Organisations are obliged to have technical and procedural measures in place to safeguard the personal information they hold.
Professional Low Cost Website
Whether you are a small business, freelancer or entrepeneur, a stunning website doesn't have to break the bank. For just £99 we will design a site that helps you to stand out online. To find our more get in touch here..
Re: Personal Possessions in the Workplace
My son had items missing from his desk and his issued equipment replaced with broken equipment. He brought in a camera…
Re: Worker-Manager Confidentiality
I have just had an informal meeting with my manager and he asked another senior member of staff to sit in as a witness, I wasn't…
Re: What to Do If Your Privacy is Invaded at Work
In a meeting we had to fill in various forms. The data itself was not particularly sensitive. But after the…
Re: What to Do If Your Privacy is Invaded at Work
My manager found me jerking off in the toilets as I’m a registered sex addict. He told everyone.
Re: Rumours About Sick Leave: Has My Privacy Been Invaded?
My daughter recently had a work based accident and sustained an injury which has resulted in her…
Re: Worker-Manager Confidentiality
I had to whistleblow to my registered manager about a safeguarding issue which was confidential and it was disclosed to other…
Re: What to Do If Your Privacy is Invaded at Work
Hoping someone can help. So I've had a grievance put in against me at work due to my wages by a co-worker.…
Re: What to Do If Your Privacy is Invaded at Work
Hello there I trust I find you well. The reason why I write to you is to seek advice concerning my…
Re: Introduction to the Data Protection Act
My manager gave my personal phone number to somebody outside of the company. Is this allowed?
Re: What to Do If Your Privacy is Invaded at Work
I was sent home poorly from work and either a colleague has told my employer i attended my daughters…