The 11 year old Data Protection Act is not something most small businesses think about much. But from next year directors may end up spending two years in jail or facing hefty fines if they breach the Act.
New rules, which may be implemented in April next year, will clamp down on individuals or companies deliberately flogging personal data to earn cash.
But with many of Britain’s small businesses engaged in services, dealing over the internet and generally storing and moving more and more data the misuse of personal information by bosses or employees is a very real risk.
A consultation document released recently by the Ministry of Justice said the tougher penalties are needed to deter systematic and lucrative flouting of data protection rules. Plenty of employers have data protection issues and the tougher sanctions may trickle down.
A survey from the British Standards Institute revealed that one in five companies had breached the Data Protection Act unwittingly and 65 per cent of companies do not think it necessary to train staff about data protection. This will leave them exposed to criminal sanctions for the misuse of personal data of their own staff and that of customers – where the changes are probably targeted.
The Information Commissioner has helpfully produced a “quick” 24 page guide to data protection for small businesses. It tells employers only to disclose data about their employees if it is fair to do so, without saying how that will be judged. On the whole, compliance is not hard though.
It is a good plan to tell staff what data you have about them and how it will be used. Then stick to those uses. If you want to do something new with the data, let staff know about this. Employment records should be locked up and computerised records pass word protected. Access to them should be restricted.
It is a bad plan to send out confidential references about staff, unless they have agreed to this.
Obtaining, publishing or disclosing private data is exempt from penalty under the new sanctions, if it is in the public interest. So, don’t forget, you can still talk to the press – or your lawyer.
Peta Fluendy, employment law consultant at Sutton based De Brett and Co:
http://www.debrettlaw.co.uk/
For your employment law questions answered email employmentlawconsultant@gmx.com.
No Comments on this post