The Employers Code of Practice

Author: Matthew Strawbridge

The Information Commissioner’s Office (ICO) issues a number of guides relating to privacy. These explain how businesses can operate within the law when it comes to protecting the confidentiality of people both within and outside them.

The Framework Code of Practice for Sharing Personal Information

The Framework Code of Practice provides employers with a policy framework designed to ensure that they operate in accordance with the Data Protection Act. This advice is appropriate for all organisations in the UK, including those in the voluntary and public sectors.

Some of the key recommendations are as follows:

Sharing must only take place when it is necessary, and what is shared has to be relevant and not excessive.
Personal details must be processed fairly. In particular, the person must know who your company is and what the collected facts will be used for.
The knowledge retained will be appropriate in scope and accurate in content.
Retention periods must be specified and adhered to.
Appropriate technical and organisational safeguards will be in place.
People will have access to what is held about them.

The Employment Practices Code

A separate but related document issued by the ICO is The Employment Practices Code. This is designed to protect details about employees, unlike the Framework Code of Practice, which covers measures for appropriate handling of all personal data.

Specifically, the Code covers the privacy of all workers, including the following:

applicants and former applicants, whether or not their applications were successful
employees
agency staff
casual staff
contract staff

Here are some of the general recommendations from the Code:

Nominate someone to have responsibility for ensuring compliance with the Data Protection Act.
Make serious breaches of the rules a disciplinary matter.
Consult with workers and trade unions when formulating your policy.

Recruitment and Selection

The first part of The Employment Practices Code relates to recruitment and selection. Here are some highlights:

Ensure that applicants are made aware of all parties that are part of the process, such as the prospective employer and any recruitment agencies used.
Only seek knowledge that is relevant to the recruitment process. Previous criminal convictions, for example, are generally irrelevant unless the job type is specifically mentioned in the Exceptions Order to the Rehabilitation of Offenders Act 1974.
Ensure that everything recorded during interview is relevant to the recruitment process.
Explain what, if any, third parties will be contacted in relation to the application.
Only keep relevant facts from the recruitment process.

Employment Records

The second part of the Code relates to the personnel records of workers. It covers the following topics, and you should consult it directly for the details:

general record-keeping
security
sickness and injury
pensions and insurance
equal opportunities
marketing
detection of fraud
workers’ rights to see their own records
references
disclosure and publication
business re-organisation
discipline
outsourcing data processing
record retention

Monitoring at Work

The penultimate part of the Code concerns systematic monitoring in the workplace.

Employers should judge whether any of the monitoring procedures they put in place have an adverse impact of their staff, and consider alternatives where this proves to be the case.

This section gives some core principles, which can be summarised as follows:

Monitoring of employees is usually intrusive.
Workers are entitled to a degree of privacy at work.
Monitoring should only be used where it will deliver real benefits to the business.
Workers should be made aware of the monitoring that takes place, unless the circumstances are exceptional.

Workers’ Health

The final section is concerned with records relating to the health of employees. It contains general considerations about workers’ health and the operation of occupational health schemes. There is specific discussion of the handling of facts derived from testing workers medically, genetically and for the presence of drugs and alcohol.

Getting More Information

If you are responsible for shaping your organisation’s privacy policies, or are involved in the recruitment of staff, then you may wish to read the full text of these two sets of guidelines. Both are available for download from the Information Commissioner’s website.

19 Comments

Ask a Question or Comment

Mandi 22 Nov 2020

Delivery firm past my husbands telephone number to another company to ring for parcels delivers and she took it home and rang him out of work also sent tex saying she could be sacked for using his number out of work is this a breach

Scmr 4 Jun 2020

Can my employer share my hime address with my line manager and if so under what circumstances / grounds. Should i be asked to give permission furst

Alfie 3 Apr 2020

Today I received a parcel from Moonpig it had my full address but not my name Contacted Moonpig to enquire what to do told to keep the parcel & they would contact the customer & send them another Imagine my shock when the customer came to my house & insisted I gave him the parcel explained the situation but to no avail The alarming part about all this that my address has been given to a total stranger Please advise TY

WelshRareBit 26 Mar 2020

My employer disclosed details about me to a fellow colleague who has nothing to do with me

Manny 3 Oct 2018

My employer has just this week enforced whilst working away from home that we must share rooms at all times with our colleague, is this not an invasion of privacy Is what they are enforcing legal.

CraigT Editor 16 Apr 2018

@Peedorf - what good would emailing her do? You have both left the company now.

Peedorf 14 Apr 2018

Me and my boyfriend worked for the same company. We have both left the company within the start of this year. I bumped into a excolleague who told me that his (was our) manager told him about my boyfriend suffering from mental health issues. Surely she has no right to do so? I don't want to email her and come off looking stupid!!

Kate 8 Mar 2018

The office manager at my law firm has disclosed all employees' dates of birth to the receptionist so that she can organise birthday celebrations. This is clearly a breach of data protection, which is made worse by the fact that this is a law firm. If I put in a complaint to the ICO, would they do anything?

Hen 7 Jul 2017

Can a employer use tracking date in a work assessment

Al 11 Jan 2017

My manager gained access to my personal (work) email without asking or telling me. I tried to change my password but she was still able to read my correspondence leaving my work emails marked 'read' so I didn't know which emails I had or hadn't read/actioned. IT told me she has complete access to my inbox without the requirement of a password. She continues to do this. I brought it up with a senior staff member who said work emails are property of the school. Is she entitled to covertly gain access to my emails and read them without consent?

EmployeePrivacyRights Editor 19 Jul 2016

You can find out more about what policies your company should have in place via the USDAW link herewhich should fully answer your question.

Mr T 18 Jul 2016

My employer wants to do a breathalyser test. Do they have to be trained or can calibrated equipment be ok to use

keke 12 Jan 2016

I've recently resigned from my job and understood the reasons to be confidential however I've had messages on social media and seen posts referring to me that could have only come from work. Are my managers at liberty to give personal information about me?

andrea68t 26 Aug 2014

I recently made a personal call in the work place which was then listen to by another employee and the detail of the conversation was disclosed to other colleges in my work place. I do not think this person had authority to listen to my call. I have put in a complaint but this is not being taken seriously. Have i had my human rights breech and also my data protection. The details of the conversation was of a very personal nature and was very embarresing

Pan 28 Feb 2014

My employer gave out my home & personal mobile out to customers rather than the branch details. Am I able to claim compensation for this?

Robin 11 Dec 2012

I am a teacher and until recently had a locker to store my personal belongings. We have been moved into a smaller staff room and there is now no provision for secure storage of personal belongings. Does the law compel my employer to provide with secure storage for personal belongings?

Sparky 6 Sep 2012

Is your employer allowed to follow you coersively whilst you are working out on site etc.follow you in his/her car to various locations meetings you have arranged etc.

Crossy 29 Jun 2012

We had photos taken for a new security pass- then the photos were put on our outlook emails too- so now when we send an e mail these hideous photos go with it. We have asked for them to be removed- but they won't. We were told they were for the passes only and never said they can be used for another purpose. Can they do this?

smithy 27 Jun 2012

very good reading. i would like to know if employers occ health can keep medical records without your permission

Ask a Question or Comment

Your email won't be published. Comments are moderated before appearing.