You’re probably familiar with the Data Protection Act and the notion that individuals have certain rights regarding their personal data and even further rights when it comes to sensitive personal data (which might be information which discloses anything to do with their health, sexual orientation or criminal record). Recently there have been a number of decisions affecting solicitors and barristers which we can all learn from.
The lawyers concerned were carrying around files containing large quantities of information, transferring them to and from work and the office, and to and from the Court. Problems occurred when an in-house solicitor accidentally dropped sensitive information about a child protection case in the street, having taken documents home. You might equally be at risk of leaving a file in your car overnight, leaving it out in your home on the coffee table or losing a memory stick you have saved some information to before taking it home to work on. If the breach of the Data Protection Act is deemed to be serious enough and has the potential to cause substantial damage or substantial distress to affected individuals, the Information Commissioner can now fine up to £500,000.
Whilst it is tempting to think ‘that will never happen to me’ or ‘who’s really going to complain if I do that?’, sensible precautions are called for. This might be encrypting information on memory sticks, checking that email addresses you are using are correct before sending an email, carrying only information that is absolutely essential, locking cabinets and not leaving anything in the boot of your car overnight. Equally, if you are disposing of old computers, you need to make sure that any information held on them are permanently deleted. This could be really important if you are in the habit of emailing yourself something to your home computer so that you can work on it in an evening.
A second case recently saw a paralegal prosecuted for illegally removing sensitive information relating to a hundred people before they left to go and work at a rival firm. If you’ve got employees who might be tempted to try and take customer information with them when they leave, you need to be looking at what measures can be taken internally to prevent them from being able to do so as, if a customer complains, it’s your organisation who would face the criticism.
Another issue that has recently arisen on something that I was dealing with involves a situation where HR were re-using a Settlement Agreement document that had previously been used for another individual. It’s a very easy mistake to make, but the name of an individual whose employment had previously been compromised was left part-way through a document that was being given to somebody else. That person has complained. Now this is something that we’ve probably all accidentally done at some point but great care does need to be taken to check documents, perhaps using the ‘find’ function to ensure that no references to the wrong person have been left in a document which could include looking at footers and file history for the document as well. Better still, to avoid the risk, have a precedent document that is blank that you always go back to to start again.
As an employer, if you want to be able to take disciplinary action against staff who breach the law, you need to have trained them properly and have policies setting out the rules they should be complying with. Like so many areas of the law, it is useful to give real life examples to bring this to life so people appreciate how it can apply to what they do on a day to day basis.
Please contact Anna for more information on the training we can offer in this area.