Under the seventh data protection principle, employers must take steps to ensure that personal information is not processed in an unauthorised or unlawful way, and is not lost, destroyed or damaged.
This is likely to involve setting up systems to ensure that those who have access to personal information, such as employees who work in a management, personnel or payroll function, are aware of their responsibility to keep the information confidential and not to disclose it in an unauthorised way. The Data Protection Code (code of practice) gives guidance on how employers should deal with requests they receive from outside parties for information on employees.
If an employer uses a third party to process information on its behalf, such as an individual contractor or company that provides payroll or personnel services, it must ensure that the third party also has effective security measures in place. The employer must have a written agreement with the third party that it will comply with those measures.