17 Oct 2002
Iain Bourne of the Information Commission explains how its code of practice for the Data Protection Act can help firms
IT Week: Why is the government's Information Commission publishing guidelines for the Data Protection Act?
Iain Bourne: To make firms aware of their obligations, and to give clear, practical advice on how to meet those obligations. For example, we encourage firms to ask if it is necessary to subject staff to audio and video surveillance, medical testing, vehicle-tracking, email monitoring, and so on. In some circumstances very intrusive techniques may be justified, but this is not normally the case. The code, particularly through its risk assessment approach, helps firms assess the information-processing techniques that are acceptable in particular circumstances.
What impact will the DPA have on firms?
It can be difficult to assess the impact that law has on business. It's true, though, that the DPA will have the least impact on businesses that have already adopted transparent information handling practices and take information standards and security seriously. However, there may well be businesses that don't address any of those issues properly and for whom data protection compliance may be a difficult, onerous and expensive business.
How will the code of practice help?
We hope the code will make compliance easier. It doesn't place any additional burdens on business and doesn't contain any advice we wouldn't provide to individual employers had they asked us to. Issuing the code will allow us to pre-empt some of the many questions employers wish to ask us.
How did you choose the areas to cover?
We tried to structure the code so it would make sense to human resources staff. As well as general information about data protection, the code includes a section on recruitment, job advertisements and so forth, and general record keeping. The code finishes off by dealing with the specialised and potentially difficult areas of monitoring and surveillance and handling medical information about workers, including carrying out drug-tests.
Did you make compromises in the code?
We developed it in the light of comments we received on its drafts. Hopefully this is reflected in its realistic and practical approach. The form the code takes is primarily determined by the contents of the DPA. This means that we're fairly constrained in terms of the code's key concepts such as access to information, security and transparency in information-processing operations.
How has industry reacted to the code?
There has been some opposition to the code from some employers. A few object to such key data protection concepts as restricting covert information-gathering and giving workers access to information about them. However, Parliament has given us the law and employers, like everybody else, must comply with it - we hope the code will help them to do so.
Have your say: contact IT Week
About Iain Bourne
Have your say on this article
Newsletters
Latest stories from Public Sector
Latest videos
You may also like
Public Sector jobs
Technology Patent Wars
Staff are increasingly using their personal devices for work. Productivity may increase as a result, but the trend brings with it security risks
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
