The Information Commissioner, the government official responsible for data protection issues, has issued Part I of the Employment Practices Data Protection Code. Part I deals with ways in which organisations can comply with the Data Protection Act 1998 in the context of recruitment and selection. The Act places responsibility on organisations to process personal data in a fair and proper way. Sanctions for not complying with the Act include criminal charges.
The legal requirement on employers is to comply with the Act itself. The new Code provides useful guidance and some “benchmarks” in terms of how to do this. The Code includes guidance on:
- managing data
- advertising jobs
- job applications
- the process of verifying that information given by applicants is correct
- pre-employment vetting and the retention of recruitment records
For example, checking with personnel departments as to the types of data held, allocating responsibility for ensuring notification in the register of Data Controllers and on application forms, determining whether all questions are relevant to all applicants.
Three more parts to the Code are anticipated. These will deal with collecting, storing and disclosing employment records, monitoring workers’ use of telephone and email and issues concerning medical information.
The very useful Data Protection website is at www.dataprotection.gov.uk. A copy of Part I of the Code can be found there along with other information about notification and the data protection principles.