BUSINES LIFE | LESSONS
Holding Employee Data — What You Really Must Know
What to do with the file you hide from others in the bottom of your drawer
Do you have a ‘special file’ that you keep locked in the bottom drawer of your desk? You know the one I mean. The one you don’t want anyone else to see! Or, more importantly, what lawyers might call ‘potential evidence’.
So, while we are on the subject of ‘evidence’, let’s discuss the information you or your organisation might hold about an employee.
This point is important because employees can ask to see all of this information that you hold. It doesn’t matter if they want to see it because they believe that you are waging some sort of conspiracy against them, or for some other, far more mundane reason.
Most people know about this. But if you didn’t, and are just about to add the following item to your To-Do list:
- Delete all emails about Jimmy Smith (especially the ones where I described him as “… as thick as two short planks!)
You should also know that emails that you have sent and then deleted later may still be on a company’s server, and may, therefore, be discoverable. So, if a case were to go to court; the employee’s solicitors may request that you provide the information.
Additionally, the person that you sent any ‘regrettably worded’ emails to, may have copied or saved them somewhere, or worse still, forwarded them on to somebody else.
So deleting emails, and then subsequently claiming that they don’t exist (or lying that they never did exist) doesn’t go down too well in court or Tribunal, when the employee’s solicitor, holds up a piece of paper and asks:
Is this the email that you are stating never existed?
One of the most valuable pieces of advice I can give is:
Never write anything in an email that you wouldn’t be happy to be read out in court!
The relevant legislation in this respect is the ‘Data Protection Act 2018(the ‘2018 Act’) and the EU General Data Protection Regulation(‘GDPR’).
In summary, the Act describes ‘Personal Data’ as:
- the information which relates to a living person who can be identified from that data (a ‘data subject’) on its own, or when taken together with other information which is likely to come into our possession.
- (including) any expression of opinion about the person and an indication of the intentions of us or others, in respect of that person. It does not include anonymised data.
If we use the email mentioned above about ‘Jimmy’ as an example of what is likely to be covered by the Act, you can see why care is necessary.
The email, shown below was short and (well not so) sweet.
It relates to an incident that wasn’t work-related; that happened in the employee’s personal time during a lunch break; but, which potentially was now being used as evidence of their incompetence, and as a potential reason for ‘getting rid of them’ from the organisation.
To: Fred Manager
From: Joe Owner
Subject: Jimmy Smith
Hi Fred,
I just thought I’d let you know that I saw Jimmy Smith in the canteen yesterday, and I saw him pour gravy — thinking it was chocolate custard — on his chocolate sponge*!
As I’ve said many times before, he is ‘as thick as two short planks’, and will never get anywhere in this organisation.
Yours despairingly,
Joe
It relates to an incident that wasn’t work-related; that happened in the employee’s personal time during a lunch break; but, which potentially was now being used as evidence of their incompetence, and as a potential reason for ‘getting rid of them’ from the organisation.
Consider for one moment whether you have ever written anything — even remotely similar — to the above email. Have you ever been critical of, or made disparaging remarks about, an employee or colleague? Have you ever made fun of something they have done or said something that is the complete opposite of what you have said to them in person?
Surely it’s OK, isn’t it? You only emailed it to Fred, who is not only one of your closest friends but is also another manager in the company, who knows the importance of keeping things confidential.
Fred does know the importance of keeping things confidential. That’s why he only shared it with his wife, Sarah.
Sarah, however, doesn’t know the importance of confidentiality; June has ‘shed loads’ of friends; June likes Facebook & Twitter & Instagram!
Worried?
Just a little bit?
The Information Commission has produced a useful guide, which explains what sort of ‘information’ is governed by the above Act, and what is not.
Applying the guidance provided by the Information Commissioner to the email, the result would be as follows:
Question — Can a living individual be identified from the data, or, from the data and other information in your possession, or likely to come into your possession?
- Response — Yes, the Subject Line and content, make it clear that the person being described is Jimmy Smith.
Question — Does the email ‘relate to’ the identifiable living individual, whether in their personal or family life, business or profession? Is the data ‘obviously about’ a particular individual or ‘linked to’ an individual?
- Response — Yes, the content of the email related to; was about; & linked to, Jimmy Smith
Question — was the data used, or is it to be used, to inform or influence actions or decisions affecting an identifiable individual?
- Response — Yes, Joe makes it very clear — as the owner — that he does not see a future for Jimmy within the organisation
It is evident that if Jimmy asked for all of the personal information held by the organisation, which related to him, then this email would have to be released.
There are some exceptions, for example, where the organisation sends the emails to their external or internal legal advisors. But, generally, emails — or other documents — that the courts would classify as personal information, will have to be disclosed.
In summary, you may be required to release any information you hold about anyone. This is irrespective of whether the information is in a file or some other place where it can be accessed. If it is about them and is likely to inform or influence actions or decisions affecting them, you may be required to release the information.
Summary
1. Grievances are “…concerns, problems or complaints raised by a staff member with management.”
2. Never write anything in an email that you wouldn’t be happy to be read out in court!
3. If you hold any information that relates to, is obviously about, or is linked to an employee they are entitled to ask to see it.
4. Make sure that when you investigate an employee’s grievance you do so sufficiently thoroughly, fairly and without unreasonable delay.
5. Any complaint, which emanates from a manager implementing an effective, fair and appropriate performance management process, does NOT constitute a grievance.
* A personal admission — the ‘Curious Incident of the Custard in the Canteen’ was me — but I have to say that the gravy really did look like chocolate custard!
