Various Statutory Records
Various pieces of legislation in England and Wales require the keeping of staff records. Records are required to be kept for the following:
- Hours worked under Working Time Regulations;
- Pay rates, in order to issue pay statements and meet minimum wages legislation;
- Tax and national insurance requirements;
- Holidays to comply with working time regulations;
- Sickness of more than four days and payment of statutory pay that have been made;
- Accidents, injuries and dangerous occurrences;
- Requirements under health and safety law;
- Pension details.
Practical considerations will usually require that the above records together with certain further details are kept on an employees file in soft or hard form.
Certain records must be kept for certain periods of time.
- Accident records; three years;
- Income tax and national insurance; three years after end of employment;
- Statutory sick pay and maternity leave; three years after the end of the relevant tax period;
- Wage and salary records; six years;
- Retirement benefit schemes and other viable events; six years.
Data Protection Law
Under the Data Protection Act, it is essential that the use of personal information complies with the Data Protection principles. These include, for example, that individuals must be told that information is being collected and what will be done with it. The information must be necessary. Employers must ensure there is clear and foreseeable need for all information collected. Individuals must be given a right of access to personal information held about them.
Personal information must be kept secure and confidential. The data maintenance system must be entirely secure. If there is a manual filing system, it must be locked. Electronic records must be protected by suitable passwords and security so only those employees who need to use the data can have access to it. A control must be put into the system, so it can be checked who has access to particular records.
The Data Protection Act requires that information be kept no longer than necessary for a particular purpose. It is necessary to consider the legal obligations and needs of the business in this context. Personal data must be deleted once it is no longer necessary. The data must be disposed of securely.
Personal employee data should be processed fairly and lawfully. Employees must know the purpose of the use of their data. It must be for specified lawful purposes. Data must be adequate, relevant and not excessive. It must be accurate and where necessary kept up to date. It must be disposed of when no longer required. It must be kept secure and must be protected from transfer outside the European Economic Area, unless there is adequate protection for personal data in the relevant jurisdiction.
It may be necessary to notify the Information Commissioner when personal data is processed. The Information Commissioner may issue an enforcement notice, contravention of which is a criminal offence. Employees can also seek compensation if they suffer damage or distress as a result of breach of the Act.
Under the Data Protection Act anyone on whom personal information is held can ask to access records that are kept on them. A response is required within forty calendar days. Proof of identity may be required. The forty day period runs from the date of the request. There are exceptions to the right of access. They include
- exemptions relating to information held for management and planning e.g. promotion or redundancy proposals;
- information in relation to negotiations;
- references given in confidence;
- information regarding the prevention of a crime arrest or prosecution of offenders;
- Information that may affect company shares;
- Information that may identify someone else.
Employees also have the following rights under Data Protection legislation. They may claim compensation for the loss suffered, as a result of breach of legislation. They may prevent processing of information likely to cause damage or stress. They have the right to know the logic and reasoning behind decisions taken about them e.g. psychometric tests and decisions.