For several years, the Information Commissioners Office (ICO) has been on the tail of all businesses, organisations and individuals, to ensure that they protect all sensitive customer data. Information rights are at the top of the government’s agenda, but what are the rules for agencies and businesses who retain information?
Data protection is a growing formality for all businesses considering the government’s ongoing plans to ensure businesses take proactive measures to achieve this. The Data Protection Act is the main piece of legislation which governs the way personal information is used by organisations, businesses and individuals. The act satisfies two main forms of ‘personal data’:
- Information processed, or intended to be processed, wholly or partly by automatic means (e.g. on a computer); and
- Information processed not by automatic means which form part of, or are intended to form part of, a ‘relevant filing system’ (i.e. manual information in a filing system).
The ICO emphasise heavily the importance of client data. Being that recruitment agencies come into contact with sensitive information sent in by thousands of individuals every day, understanding the act is essential.
What Data Can I Use?
Many have the misconception that because information may have been given to a party, that they have the right to use it. The government has released a code of practice which covers practical principles that should be applied by all businesses, organisations and individuals.
- All data must be fairly and lawfully processed – This is to ensure that all acts are in the best interest of the individual
- Use of data – The act looks at the importance of specification for the use of the data and the processing of the clients data
- Holding too much data – The act protects against a company collecting more data that necessary
- Accuracy – To ensure that businesses hold the correct and accurate data for individuals
- Retention – Ensuring that unnecessary data is disposed of
- Rights – Ensuring that the rights of the individual whose data has been collected is respected and abided by
- Security – Ensuring that effective information security processes are in place
- International conditions – The conditions for sharing and using information outside of the European Economic Area
Therefore, when collecting information about your clients or candidates, it is important to specify:
- What their personal information is being used for
- What marketing and mailing lists they are being subscribed to
- Whether their information will be shared with third parties
What Data Can I Keep?
You do not have to make the party aware that you will be keeping the data, however you will need to make them aware of the use of the data. If, however, the data has a time stamp, it is important that you do not use the data after this time or you make the individual aware of the use of it.
The crackdown of misuse of data is on the rise. The ICO have the power to sanction businesses who fail to comply with legislation. Regulatory action can include; criminal prosecution, civil monetary penalties, non-criminal enforcement and, in some circumstances, an audit.