It was almost a decade ago that the Information Commissioner's Office issued two Employment Practices Codes; one intended for SMEs alongside supplementary guidance for larger organisations. Both are still available as guidance today, but are now out of date.
The rules around data protection changed in May 2018 when GDPR came into force. Individuals obtained new rights about the processing of their personal data such as portability and the right to be forgotten. Plus their existing rights were enhanced. In the context of the employment relationship, organisations had to navigate their way through these changes without the benefit of specific and tailored advice from the regulator.
The world of work has changed significantly since 2011 fuelled by the proliferation of technological advances. The pandemic has turbo charged this – remote and hybrid working has become the norm for many organisations and monitoring staff has never been easier.
Plus, the proliferation of social media makes it easy for organisations to check the online profiles of candidates and take action against staff for the views they express online or their behaviour outside of work.
Many companies share employment records and data in the cloud. And, organisations have to decide whether to ask staff about their health and vaccination status in order to allow them to continue to come into work.
These issues are extremely complicated and it would be helpful to have an updated employment specific code employers could refer to.
The ICO recognises that it’s codes need to be updated and is seeking views on the following areas:
- Recruitment Selection and Verification
- Employment Records
- Monitoring at Work
- Information about Workers' Health
How you can help
The ICO wants organisations to respond to its consultation to help it shape it's approach. If you have examples of data protection issues that you’ve found difficult to resolve or have any general issues that you’d like the codes to cover, please respond.
The deadline for the consultation is Wednesday 27 October 2021 and you can access it here.
Joanne Bone specialises in GDPR and privacy issues. She's been a data protection lawyer long before it was 'fashionable' to be one and she's known for distilling a complex topic into easy to follow and pragmatic advice. She advises on GDPR accountability programs (policies and procedures) and drafts and negotiates contracts relating to data sharing and data licensing. She also advises on the tricky issues arising from how to export personal data compliantly, subject access and other individuals' rights requests, data breaches and how best to deal with complaints made to the ICO.