Legislation exists to regulate the processing of information relating to individuals within their place of employment.
The data protection law provides employees with certain rights, in respect of data, which is held by their employer.
There is an Information Commissioner with wide enforcement powers and procedures in place, designed to ensure that employers comply with the provisions of the law and also prevent breaches of the law by, what are described as 'data controllers.'
Data controllers can only process personal data in accordance with the data protection principles and procedures laid down. In the workplace data protection relates to any data that employers might collect, and keep, relating to their workers. This can include both job applicants and employees, and all other associates of an employer who perform services for them.
Most of the normal day-to-day information that is utilised by an employer about a worker or employee is likely to fall within the scope of the legislation and the Code of Practice. Individuals about whom information is held are called data subjects.
They currently have the right to subject access, the right to prevent processing likely to cause damage or distress, the right to seek compensation if they suffer such damage and the right to take action to rectify, block, erase or destroy inaccurate data.
There are, therefore, regulations and procedures on collecting and keeping employment records, including sickness and absence records, equal opportunities monitoring and discipline, grievance and dismissal information.
In essence there is now extensive regulatory provision for all aspects of the storage and access to information held by employers about employees.