Rojgar Job News

Unheralded and unannounced, recently revised GDPR guidance from the ICO removed one small source of comfort for employers facing DSARs from employees. It used to say that the 30-day time limit was paused, the clock stopped, if you asked the requester for information to clarify his DSAR and it was not provided. This was not carte blanche to delay things – the request for clarification had to be made as soon as possible (i.e. not Day 29) and it had to relate to information you genuinely and reasonably needed in order to comply with the DSAR. Still, it was better than nothing in a tight corner. You also had to do your best to comply in a timely manner with those parts of the DSAR not covered by your request for further information. However, it has now gone. The revised guidance still allows you to seek clarity from the maker of the DSAR but makes it clear that the clock is not stopped pending receipt of it. There is no explanation of why the original guidance has been changed alread...

The big-picture information about Coronavirus being issued by the Government at present is all well and good, but it does not (in fairness, cannot) address the multitude of little spin-off questions arising for employers every day. We held a webinar on this earlier this week, with members of our Employment, Commercial, Data and Health & Safety teams reflecting the sheer breath of the likely impact of Covid-19 on working society. A large number of questions were submitted through the webinar portal-thingy – in the first of a series, here are some of them and our suggested responses. However, Boris’ speech yesterday reminds us that this is not just a business problem but also a human one, and on a potentially colossal scale. The law was not designed for these unprecedented times and so it will occasionally struggle to provide a convincing answer. Let us do what we can. Are you allowed to disclose employees’ medical information to protect others, for example, by telli...

Some new clarification from the Information Commissioner’s Office yesterday about that grey area between individual privacy rights on the one hand and the public interest on the other. Against the background of the Coronavirus crisis (and perhaps recognising that any other position would be politically terminal), the ICO has made it clear that even though information about a person’s exposure to or infection by the virus is the most sensitive of sensitive personal data, disclosures of that information as necessary in the reasonable interests of wider public health will in broad terms go through on the nod. The ICO states itself in its press release to be “ a reasonable and pragmatic regulator, one that does not operate in isolation from matters of serious public concern. Regarding compliance with data protection, we will take into account the compelling public interest in the current health emergency ”. Of course, that does not mean that the overriding principle ...

Just flicking idly through the ICO’s new guidance the other evening, as you do when the only alternative is Ant & Dec, and two paragraphs caught my eye. In the section relating to DSARs which are “ manifestly unfounded ” (and can therefore be batted away by the employer) appear two examples, where: “ the individual clearly has no intention to exercise their right of access. For example, an individual makes a request but then offers to withdraw it in return for some sort of benefit from the organisation” ; and “ the request is malicious in intent and is being used to harass an organisation with no real purpose other than to cause disruption” . There will be few employers on the receiving end of a DSAR from a disgruntled employee who would not consider either or both of those paragraphs to apply to it. So is this at last a means of pushing back against the weaponisation of DSARs in employment disputes, hooray? And if you add to that the refere...