Jump to content

Data Protection Act at work


X-Adz-X
 Share

Recommended Posts

Hey guys,

Somethings popped up at work. Today, I took a picture on my mobile of the duty rota for where I work. This rota is open for everyone to view so nothing is hidden.

However, i've been told my managers pulling me in tomorrow trying to punish my doing so, saying it's in breach of the Data Protection Act! This, I'm sure is a load of nonsense as theres no personal details on the rota except a name and a number of x's in the dates.

So, can I happily tell my manager she's having a laugh?

Thanks

Link to comment
Share on other sites

Enquire as to which section of the DPA you're deemed to have transgressed by taking this photo.

Principle 7 of the Data Protection Principles states that "Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data." Thus, if the data contained within the rota is not to be disseminated or recorded, employees should be notified of this and the rota probably should not just be stuck on a wall. The Data Controller is in breach of their requirements if these principles are not being adhered to.

Edited by Sceptre
Link to comment
Share on other sites

Enquire as to which section of the DPA you're deemed to have transgressed by taking this photo.

Principle 7 of the Data Protection Principles states that "Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data." Thus, if the data contained within the rota is not to be disseminated or recorded, employees should be notified of this and the rota probably should not just be stuck on a wall. The Data Controller is in breach of their requirements if these principles are not being adhered to.

That's exactly what I thought. So, they're in breach, not me?

Link to comment
Share on other sites

That's exactly what I thought. So, they're in breach, not me?

Well, I don't know where you work or what the policies are, but Data Protection tends to be (like Health and Safety) an excuse to avoid having to come up with a proper reason for not doing something or permitting someone else to do it, and often falls over upon intelligent inspection. Your employer may be perfectly correct; for specific advice tailored to your situation you should really speak to a specialist in industrial disputes, especially if your job appears to be on the line.

Link to comment
Share on other sites

Well, I don't know where you work or what the policies are, but Data Protection tends to be (like Health and Safety) an excuse to avoid having to come up with a proper reason for not doing something or permitting someone else to do it, and often falls over upon intelligent inspection. Your employer may be perfectly correct; for specific advice tailored to your situation you should really speak to a specialist in industrial disputes, especially if your job appears to be on the line.

Jobs not on the line at all, the manager must be on one as she's been picking on everything lately, the smallest of things. There's no signage or anything saying not to take pictures of the rota, but even so, it's on clear display for everyone.

Link to comment
Share on other sites

Is that all it contains? Your Name and crosses?

Because If it just has your name on it then that is not classed as personal data.

Personal Data is where you are identifiable.

If your name and place of work is visible then that Is personal data as you could be identified from it.

Or if it has an employee number on then it is identifiable.

She is walking on thin ice here... IT IS YOUR FLIPPING DATA IN THE FIRST PLACE!

  • Like 1
Link to comment
Share on other sites

If you have legitimate access to the chart then there is no DPA problems, you'd only have an issue if you decided to publish the data elsewhere.

Link to comment
Share on other sites

Hey guys,

Somethings popped up at work. Today, I took a picture on my mobile of the duty rota for where I work. This rota is open for everyone to view so nothing is hidden.

However, i've been told my managers pulling me in tomorrow trying to punish my doing so, saying it's in breach of the Data Protection Act! This, I'm sure is a load of nonsense as theres no personal details on the rota except a name and a number of x's in the dates.

So, can I happily tell my manager she's having a laugh?

Thanks

I take it that the location of the duty roster is in a secure place where only employees can view it and it is not in a place where Joe Public can see it?

If it contains names and times of when employees will be on duty then if I'm honest I would carpet you too as I couldn't be sure where that mobile phone picture would end up.

Link to comment
Share on other sites

I take it that the location of the duty roster is in a secure place where only employees can view it and it is not in a place where Joe Public can see it?

If it contains names and times of when employees will be on duty then if I'm honest I would carpet you too as I couldn't be sure where that mobile phone picture would end up.

Playing devils advocate here - If that was always your concern, then you wouldn't publish any information - Sending an email to every stands about as much threat as a mobile phone picture...

At the end of the day, if information has been inappropriately used for nefarious purposes then that is a problem, e.g for stalking someone, etc. However, if data outside the DPA is being posted in this format with no indication of protection, e.g "Do not Copy", "RESTRICTED", etc, then a carpeting would be inappropriate and the company/individual would be opening themselves up for litigation from multiple angles!

Sadly, if someone were to "carpet" me for this - I would be "carpet"-ing them right back!! :evil:

Link to comment
Share on other sites

Playing devils advocate here - If that was always your concern, then you wouldn't publish any information - Sending an email to every stands about as much threat as a mobile phone picture...

At the end of the day, if information has been inappropriately used for nefarious purposes then that is a problem, e.g for stalking someone, etc. However, if data outside the DPA is being posted in this format with no indication of protection, e.g "Do not Copy", "RESTRICTED", etc, then a carpeting would be inappropriate and the company/individual would be opening themselves up for litigation from multiple angles!

Sadly, if someone were to "carpet" me for this - I would be "carpet"-ing them right back!! :evil:

Ah interesting!

The way I read the OP's post, the information is not published in an email otherwise he would have printed it out and not took a picture of it on his mobile phone. So I think he took a picture of the duty roster which was stuck up on the wall of an employee only area at his place of employment.

What would happen if he lost his phone or it got stolen on the way home?

Edit: To add, I was trying to be cryptic in my original reply as the OP has already been carpeted because of pictures appearing in inappropriate places.

Edited by Rocket
Link to comment
Share on other sites

Ah interesting!

The way I read the OP's post, the information is not published in an email otherwise he would have printed it out and not took a picture of it on his mobile phone. So I think he took a picture of the duty roster which was stuck up on the wall of an employee only area at his place of employment.

What would happen if he lost his phone or it got stolen on the way home?

Edit: To add, I was trying to be cryptic in my original reply as the OP has already been carpeted because of pictures appearing in inappropriate places.

Sorry, I might have clouded the water with the email thing! Only brought up email stuff as an example of data leakage!!

But I still stand by what I have put, if there is no "protective marking" (not necesarrily GPMS) then unless the data is being used for dodgy purposes (stalking, etc), then I see no problem taking a photo of it. The original question and situation is about the DPA, which this doesn't appear to apply with the information given - however, I am acutely aware that there probably isn't the full story here. In terms of "protective marking" I was blathering on about earlier, consider the following angles;

  1. Corporate Sensitvity - This should be maked as "Commercially Sensitive", "Do not Copy", etc - It is the responsibility of the organisation to ensure sensitive documents are marked appropriately...
  2. Data Protection - Personal data is protected by the DPA, and is adequately documented elsewhere... along with corporate responsibility to ensure employees are aware of the DPA...
  3. GPMS - Well, if it were RESTRICTED, etc, then the organisation is responsible for marking the documentation...

So my point is, if there is really an issue here, then the organisation (including all the employees) is partly, if not totally, responsible for the protection of any kind of sensitive data. The example above suggests that duty sheet (I assume non-police), has been put up without "protective marking"...

With your example of lost phone - I would suggest the data in the address book might be more sensitive, but is still a good point nonetheless...

Well, if the OP has been posting data inappropriately, then this is an example of dodgy/nefarious purposes!! Intent and common sense has got a lot to say in this situation, if the OP just intended to use the photo for his own purposes to refer to his duty times, then I see no problem... However, I am not in receipt of the facts that suggest otherwise!

Link to comment
Share on other sites

 Share

×
×
  • Create New...