An employee has told you that she intends to transition to a male identity and that after she returns from her holiday she expects you to change her name on all relevant records. This raises lots of different issues but what are the Data Protection Act implications? Somebody’s name is about as archetypal personal data as you can possibly get. Contrary to popular belief, someone is free to change their name at any time although to do so on official documents like their driving licence they need to do it through Deed Poll or via a Statutory Declaration. After a two year period living in the newly acquired gender someone can apply for a Gender Recognition Certificate but you don’t require that in order to make the change requested.
The key principles under the Data Protection legislation is that any data you retain is accurate so you have to have efficient systems in place to change that name, be it across your IT systems including passwords and logins, access systems like badges and swipe cards, names on your telephone list internally, office signage like office doors, car parking spaces etc. The person who’s made the request may prefer to have no record of their former name or gender that they were assigned with at birth in their records. You may be familiar with the idea that under the Data Protection Act you must only keep information for as long as it is relevant for the purposes you obtained it for. It is entirely possible, therefore, that it may only be relevant to store information about the original gender, for the purposes of, for example, occupational health of somebody but probably not their original name. Information would need to be stored separately and only used for that occupational health purpose and not for any others.
It’s clear from the Information Commissioner’s guidance on this that you are expected to get this issue right the first time and have processes in place to deal with it and that an individual could be awarded damages for any distress caused if it’s not well handled.
It’s interesting to note that the Equality Commission (ECHR) is advising the creation of a third option for people so people are not required to choose from a binary option: they are advising organisations to have a free text field for people to pick a third option rather than male or female.
If somebody arrives at your organisation having already transitioned the individuals gender history will be sensitive personal data that acquires an extra level of protection under the legislation, they may present to you as the new gender they have acquired and it would be a very important training issue to ensure that managers and those dealing with them appreciate that they should only be referring to that individual in their newly acquired gender. I am struggling to think of a reason why you would need to make any record that somebody may have been of a former gender and it’s not relevant to the recruitment process but if once that person has been appointed they don’t officially disclose this information to you it wouldn’t be relevant to have a record. You should be aware that not only do privacy considerations under the Human Rights Act kick in but under the Gender Recognition Act there is a prohibition on the disclosure of information. The offence created is a criminal offence punishable at level five, which is an unlimited fine. It attaches to anyone who has acquired protected information in an official capacity from disclosing that information to any other person and they specifically set out that acquiring that information as an employer or prospective employer is captured. Have you trained manager’s about this?
We are currently offering Data Protection Act training for HR and line managers dealing with employee information at a reduced rate. Please contact firstname.lastname@example.org for further information.