Hello
I think that there are two points to bear in mind here. The first concerns
the taking of data protection consent from employees: the Information
Commissioner has expressed concern where employers attempt to do this in an
employment contract. Apparently she is of the opinion that this will not be
real consent due to the inequality of bargaining power (in the sense that
people will sign anything to get a job) between the employer and employee
and the requirement in the Directive for consent to be freely given.
Further, and perhaps more obviously, it will never be acceptable to take
consent for processing sensitive personal data in an employment contract.
The second point is that it is always the Data Controller's responsibility
to comply with the legislation. As far as I am aware, this means that the
responsibility cannot be delegated. As you point out, it will be the
employer's responsibility to train staff in DP compliance.
Hope this helps.
Cindy Burnes
Privacy & Data Protection
44 Tregarvon Road London SW11 5QE
Tel. +44 (0)20 7924 1927
Fax. +44 (0)870 137 7871
http://www.privacydataprotection.co.uk
Conference Notice
The First Annual Data Protection Compliance Conference will take place in
London on 24th September 2002. For further information, see:
http://www.privacydataprotection.co.uk/conference
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]]On Behalf Of Moira Forbes
Sent: 17 July 2002 10:12
To: [log in to unmask]
Subject: employee contract clause
Dear All,
My HR section have requested my approval of the following statement:
"From time to time xxx may process Personal Data and sensitive Personal
Data about you which is covered by the Data Protection Act 1998 for
administration and business management purposes. Processing will take place
in accordance with the provisions of the Data Protection Act 1998. By
signing this contract you acknowledge that you are providing xxx with
consent to these uses.
It is your responsibility to ensure that where, in the course of your
employment with xxx, you process data covered by the Data Protection 1998,
you comply with this legislation."
Initially I thought it was fine, but now I wonder whether it removes the
individual's right to give explicit and informed consent to sensitive
personal data. I realise the Act allows HR sections to process certain
sensitive data in the course of their work (eg sickness records) but is
this statement a step too far? I also wonder about the terminology "your
responsibility to ensure" with no reference to the employer providing
training/guidance etc - or am I being too picky?
Comments would be most welcome.
Thanks
Moira
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|