I would say that the employee has a valid grievance.

The bell that has been rung cannot be unrung, and the analysis of the prior records may be prejudicial to their employment.

Even if this proves to be lawful under the DPA, the passing and use of that data was at best a breach of confidence. A valid pragmatic solution is to ask the employee to be present to witness the destruction of any and all data, including the analysis of the absence pattern and all correspondence and notes related to it, yes, even in a non structured paper filing system.

I may be that this open action will satisfy the employee. It may not, but it shows a willingness to take responsibility for the event.

On 19 Nov 2010, at 16:05, Godfrey, Jenny wrote:

Dear list,
 
I'd be grateful, again, for some DPA advice!  As my organisation is a civil service dept, when a member of staff joins us from another civil service dept we ask to see the previous 1 year of their sick record.  The issue we currently have is that, by mistake, another dept passed us the last 3 years worth of a staff member's staff record.  Our HR dept then used this information to analyse their patterns of sickness, over and beyond what we could do provided with just 1 years worth.  The member of staff has raised a grievance about their personal data being used in this way, and with it being provided by the other dept without their consent.  
 
It seems to me that we have could have breached principles 1 and 3 of the DPA by having used the personal data in this way, but I wondered what your views on this would be?
 
Many thanks,
 
Jenny Godfrey
Head of information management
Office of Rail Regulation
One Kemble Street
London
WC2B 4AN
Tel: 020 7282 0114



Tim Trent - Consultant
Tel: +44 (0)7710 126618
web: ComplianceAndPrivacy.com - where busy executives go to find the news first
personal blog: timtrent.blogspot.com/ - news, views, and opinions
personal website: Tim's Personal Website - more than anyone needs to know

Marketing by Permission

Important: This message is private and confidential. If you have received this message in error, please notify us and remove it from your system. This email and any attachment(s) are believed to be virus-free, but it is the responsibility of the recipient to make all the necessary virus checks. This email and any attachments to it are copyright of Meadowood Associates, owners of Compliance And Privacy, unless otherwise stated. Their copying, transmission, reproduction in whole or in part may only be undertaken with the express permission, in writing, of Meadowood Associates, at 16 Coombe Road, Dartmouth, Devon, United Kingdom TQ6 9PQ

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)