Data Protection Code: Part I

The Information Commissioner, the government official responsible for data protection issues, has issued Part I of the Employment Practices Data Protection Code.  Part I deals with ways in which organisations can comply with the Data Protection Act 1998 in the context of recruitment and selection.  The Act places responsibility on organisations to process personal data in a fair and proper way.  Sanctions for not complying with the Act include criminal charges.

The legal requirement on employers is to comply with the Act itself.  The new Code provides useful guidance and some “benchmarks” in terms of how to do this.  The Code includes guidance on:

  • managing data
  • advertising jobs
  • job applications
  • the process of verifying that information given by applicants is correct
  • short-listing
  • interviews
  • pre-employment vetting and the retention of recruitment records

For example, checking with personnel departments as to the types of data held, allocating responsibility for ensuring notification in the register of Data Controllers and on application forms, determining whether all questions are relevant to all applicants.

Three more parts to the Code are anticipated.  These will deal with collecting, storing and disclosing employment records, monitoring workers’ use of telephone and email and issues concerning medical information.

The very useful Data Protection website is at www.dataprotection.gov.uk.  A copy of Part I of the Code can be found there along with other information about notification and the data protection principles.

Bulletins are for general guidance only. Legal advice should be sought before taking action in relation to specific matters. Where reference is made to Court decisions facts referred to are those reported as found by the Court. Please note that past bulletins included in the Archive have not been updated by any subsequent changes in statute or case law.