My view for information / debate.
> Should the employee be made aware of the investigation and at what stage -
before/after/during?
Before via notices at time of recruitment. The purpose of the processing
appears to be Staff administration?
Notice of such a purpose should have been given at recruitment possible as
part of a staff handbook on company policies explaining in more detail what
staff administration entails. Under 84 Act such notice given it was an
obvious purpose did not require notification. Under 98 the text of the
legislation states all purposes should be notified.
> Should a record of the investigation be retained on the Personnel file if
the employee is exonerated?
Is the record excessive to the purpose of staff administration (Principle
5). Debateable. Many personnel records have differing useful time span but
the purpose of 'staff administration' is generic and appears to allow
retention for the duration of an employees contract. There could be an
argument of 4th principle 'data where necessary should be kept up to date'
to support erasure. This principle has no cross reference to the purposes of
processing. Principle 1 fairness also has no reference to purposes simply
the processing of the data itself. As the data created for the personnel
file is in fact new dynamic data (that created from other data and
facts)then it is technically arguable Sch 1 Part 2 section 3d comes into
play and as such the data controller should revisit fairness and notify the
employee they have created and are holding such new data. There appears no
exemption to this in this context.
In practice there appears little justification to retain after the
investigation is complete. The best way of protecting the employee if
exonorated (and presumably preserve employee relations)is to remove the
record. To leave it despite the result signifies employee was under
suspicion? (Mud sticks). The result also appears to signify a potential
failure in the trigger mechanisim for the investigations which themselves
should be reviewed and refined as appropriate. If started via a tip off was
done in a malicious manner. If I was the employee I would wish to have the
record erased and argue my right of erasure (as soon as I discover it is
there via fair processing notice.
> Does it then form part of the disclosable file?
Yes. The right of access remains.
> Can any retention of the data be justified and what might be a reasonable
retention period?
As this principle 5 is associated with the purpose of processing it is
arguable that all records held for staff admin purposes can be retained for
the lifetime of the employees contract of employment given the purpose is
defined generically. Clearly the data itself can be damaging despite the
exoneration result and employees can ask to have it removed via their right
to erasure via section 10, but they can be forced to court for this. (Not
good employee relations practice). This principle is not particularly useful
in this context given the generic definitions of the purposes of processing.
As ever the technical interpretation of the Act only signifies what is
possible should someone choose to fight for their rights. No one generally
fells comfortable to find they were suspected of any wrongdoing but most
allso may accept the need to monitor if clearly informed of procedures and
safety controls. The real issue is what is good employee relations practice.
The Act does not prevent such investigations and if proper security
processes are in place informing any individual in advance of the potential
investigations should not prevent investigation proceeding under staff
administration purpose. The actions which will occur dependent on result
should also be advised up front and offer the employee the right to choose,
if exonerated, the removal of all records relating to the investigation and
result. In this manner employer / employee relations should be maintained.
Unfortunately from various articles seen and seminars attended it appears
too many employers take a too high moral stance on data capture about
employees with little justification.
Hope this view assists. Again as ever Im keen to hear any other views.
David Wyatt
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]]On Behalf Of Su Goulding
> Sent: 09 November 2001 17:18
> To: [log in to unmask]
> Subject: E-mail monitoring & records of investigation
>
>
> Hypothetical (but possible) scenario - An employee, in a firm
> with published
> policies on acceptable use of e-mail, is suspected of breaching
> the policy.
> Let's say they are suspected of distributing unsuitable material.
> A covert
> investigation is launched in line with agreed procedures, appropriately
> authorised by management, for a specified purpose and a pre-determined
> length of time. Facts are gathered, with the result that the employee is
> exonerated.
>
> - Should the employee be made aware of the investigation and at
> what stage -
> before/after/during?
> - Should a record of the investigation be retained on the
> Personnel file if
> the employee is exonerated?
> - Does it then form part of the disclosable file?
> - Can any retention of the data be justified and what might be a
> reasonable
> retention period?
>
> There are a number of possible pitfalls throughout. Not least is
> the damage
> to the employer/employee relationship and any potential claim for
> damage/distress as a result (what if the employee thought - rightly or
> wrongly - that they had been denied promotion as a result of the
> investigation?). However, the employer might find the data beneficial if
> the employee was later found to be breaching policy in the same way on a
> different occasion.
>
> The fundamental issue might lie with the wording of the policy/procedures
> and sweeping assumptions that these are entirely legal and reasonable have
> been made throughout.
> No views advocated, no agenda represented.
> Have a good weekend, all.
>
> Su Goulding
> Data Protection Analyst
> tel: 020 7330 3491
> mobile: 07767 674376
> [log in to unmask]
>
>
>
> ======================================================================
>
> This email is confidential and may also be privileged. If you
> are not the intended recipient please notify us immediately by
> telephoning +44 (20) 7330 3000 and requesting the IT Helpdesk.
> You should not copy it or use it for any purpose nor disclose its
> contents to any other person.
>
> Allen & Overy
> One New Change
> London
> EC4M 9QQ
>
> Tel:+44 (20) 7330 3000
> Fax: +44 (20) 7330 9999
> General Email: [log in to unmask]
> www: http://www.allenovery.com
>
> Allen & Overy is a solicitors' partnership. A list of the names
> of partners and their professional qualifications is open to
> inspection at the above office. The partners are either
> solicitors or registered foreign lawyers.
>
> ======================================================================
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> all commands go to [log in to unmask] not the list please!
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|