Work to rule: The Data Protection Act, part one: personal data

What type of data held about employees is protected by the legislation?

All employers process records that relate to their workers on a regular basis, and it is very important that such processing is carried out in compliance with the Data Protection Act 1998. This article, the first in a series exploring data protection in an employment context, considers what information is covered by the act.

The act concerns the processing of personal data and sensitive personal data. Personal data means any data that relates to a living individual who can be identified from the data or from the data together with other information that is in the possession of, or is likely to come into the possession of, the organisation holding it.

The Information Commissioner has recently published Determining What Is Personal Data, which gives guidance to help data protection practitioners decide whether data falls within the definition of personal data, and suggests useful considerations. It is worth referring to, because it gives a number of practical examples of what will or will not be deemed to be personal data.

Examples of personal data likely to be covered by the act include: details of an employee's salary and bank account held on an organisation's computer system; emails about incidents involving named workers; an individual worker's personnel file when the documents are filed in date order and there is an index to the documents at the front of the file; and a set of completed application forms filed in alphabetical order within a file of application forms for a particular vacancy.

Sensitive personal data is personal data that consists of information about subjects' racial or ethnic origins, political opinions or religious beliefs, as well as details about trade union membership, physical or mental health, sexuality, the commission or alleged commission of any criminal offences and any proceedings for any offences committed or alleged to have been committed by employees.

Examples of sensitive personal data likely to be covered by the act include sickness records, drug or alcohol test results, details of trade union membership held by employers to enable deductions of subscriptions, details of disabilities to facilitate adaptations in the workplace and details of racial origin collected for recruitment purposes.

The next column will cover how data should be handled.

- Emma Burrows is a partner and head of the employment group at 


Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Already registered?
Sign in
RSS Feed

Third Sector Insight

Sponsored webcasts, surveys and expert reports from Third Sector partners

Third Sector Logo

Get our bulletins. Read more articles. Join a growing community of Third Sector professionals

Register now