Your Firm and the Data Protection Act

5. Employment Records

5.1 Someone has to accept responsibility for looking after employment records.

• This includes keeping them accurate and up to date.
• It also includes keeping them secure. For example, they should not be loaded on to a laptop that could be lost or stolen, unless it has adequate access controls.

5.2 Employees' right to privacy must be respected.

• For example, it would be inappropriate to draw up and publish a league table of sickness absence. The intrusion into employees' privacy would be disproportionate to any management benefit.
• You must tell employees about any personal information that you have a legal duty to pass on to a third party, such as HM Revenue & Customs. You should not pass on employees' details to any other organisation (except for data processors - see 2.3) without specific consent from the employees involved or unless there is some other justification or legal requirement to do so.
• When potential employers ask for a reference, employees should be asked if they're happy for you to provide it.

5.3 Employees have the right to see all their personnel files.

• This includes files on disciplinary and grievance matters, unless an exemption applies, such as a continuing criminal investigation.