Health information about employees is a real grey area. Many practices are widely accepted even though there is a good case that they do not satisfy a Schedule 3 condition, and in the example given there also appear to be problems with Principle 3 in terms of justifying that the information sought is relevant and not excessive. Frequently there is also a breach of the transparency requirements of Principle 1, when employers do not spell out adequately why they are asking for the information or how they are going to use it. The Information Commissioner appears to have ducked the really interesting questions altogether. In the original draft of Part 4 of the Employment Code of Practice it said: "This part of the Code does not directly address the routine keeping of sickness or accident records about workers. This is covered elsewhere. See Part 2, Employment Records, page 22 ..." This paragraph is missing from the final version, and a new section 3.2 has been added, dealing with Sickness and injury records. Since Part 4 of the Code significantly post-dates Part 2 we should probably assume that the section in Part 4 represents current thinking by the Commissioner. However, Section 3.2 does not answer the question of whether it is legitimate for employers, as nearly all do, to ask questions about workers' health or to maintain sickness absence records. All it says is "Check current practices ... against the sensitive data conditions in the Code" and "See Supplementary Guidance ... which explains more about the sensitive data conditions." So we turn to the Supplementary Guidance where the advice boils down to, in most cases, meeting either the second Schedule 3 condition (legal right or duty in connection with employment) or the first (consent). The legal right clearly could be argued in the case of health and safety but not, I think - and the Guidance gives no examples of this either - in the case of absence management or non-specific enquiries about random aspects of employees' health. That leaves consent, where the Guidance stresses that there must be no penalty for refusing consent, otherwise it is not freely given. Ergo, no employer can force their employees either to provide health information (unless there is a clear requirement in terms of health and safety or some other legal duty), or to allow information about their health to be kept (over and above that required for SSP, for example). So anyone presented with a form such as that described would be entitled to refuse to provide any of the information unless a clear explanation was given as to how it was necessary in order for the employer to meet their legal duties. If the job offer was withdrawn as a result, they could take the employer to court for compensation for a breach of Data Protection. Paul Ticher 0116 273 8191 22 Stoughton Drive North, Leicester LE5 5UB I hereby require any recipient of this message not to use my personal data for direct marketing purposes. ----- Original Message ----- From: "Jon Leonard" <[log in to unmask]> To: <[log in to unmask]> Sent: Monday, January 24, 2005 9:19 AM Subject: Medical Records form > Dear all > > I work for HBS supporting Lincolnshire County Council. I am not > actually a member of the DP list but I am covering for Data Protection > in David Forbes' absence. One of the queries he has received concerns a > medical form which is sent out. > > I have attached the form for your reference and the concerns raised > about it are below: > > "When I was offered my current job here at LCC it was on the condition > that I had satisfactory references and that I was also fit enough, I had > complete a Well Work Employee Occupation Health form (see attached). The > form consisted of 64 medical questions which is obviously very personal. > Although I did not agree with the form I completed it anyway as I > really wanted the job and I didn't want to disadvantage myself in > anyway. > > I thought that the attached form was breaching principals 1 and 3 of > the Data Protection Act? > > I think that it is probably a valid point as although some of the > questions may well be relevant to some jobs, all of the questions are > not relevant to all jobs. The point about filling in the form is > interesting because as people have usually been offered a job before > they see this form they may feel that although they disagree with > filling the form in they may well do so rather than querying the form as > they feel that this may jeopardise the job they are being offered." > > My own feelings are that the form does not reference the DP Act and the > nature of the wording compels you to fill in the details even though you > would feel uneasy doing so. > > I have access to David's e-mails so replies to this list will be read. > > Thanks in advance for your help. > > Jon > > > ---------------------------------------------- > Jon Leonard > Senior Analyst/Programmer > Applications Support Team > IT Division > HBS Business Services/LCC > Tel: 01522 83 ext. 6155 > Fax: 01522 516016 > ----------------------------------------------- > > > ********************************************************************** > "No contracts may be concluded on behalf of HBS Business Services Group Limited (HBSGL) by means of email communications. > > Any information or opinions contained in this message that do not relate to the official business of HBSGL are neither given nor endorsed by it. > > HBSGL reserves the right to monitor and intercept emails sent and received on our network. > > Internet email is not 100% secure. You must be aware of this lack of > security when emailing us. HBSGL does not accept responsibility for changes made to this message after it was sent > > This footnote confirms that this email message has been swept by > MIMEsweeper for the presence of computer viruses. www.mimesweeper.com > <http://www.mimesweeper.com> > > Although HBSGL have taken these steps to ensure that this email and any attachments are free from any virus, in keeping with good computing practice you should make sure that they are actually virus free. > > This email and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom they are addressed. > If you have received this email in error you may not take any action based on it, nor should you copy or show this to anyone; please reply to this email and highlight the error to the sender, then delete the message from your system." > > ********************************************************************** > > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > All archives of messages are stored permanently and are > available to the world wide web community at large at > http://www.jiscmail.ac.uk/lists/data-protection.html > If you wish to leave this list please send the command > leave data-protection to [log in to unmask] > All user commands can be found at : - > http://www.jiscmail.ac.uk/help/commandref.htm > Any queries about sending or receiving message please send to the list owner > [log in to unmask] > (all commands go to [log in to unmask] not the list please) > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving message please send to the list owner [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^