
Joe Law
Member - 2 posts
We manage a security access system within serviced offices and a client has requested access/exit reports that can be produced from our system. These reports identify the movement of clients entering and leaving the building and this client wishes to use these reports to identify and confirm when employees say they are working, particularly at weekends and evenings.
The CO of the company has stated he will provide a letter to state that the information provided would not be used for any disciplinary action against any employee claiming they were working when this may have not been the case.
Would we be covered by this letter or are we or would we be contravening any data protection by passing on this information?

Nigel DuPree
Member - 146 posts
Just how much of an "administration fee" is he prepared to pay for you to extract data specific solely to his employees?
Is this service or would this service be available to all tenants at a cost?
And if so keen to monitor "his employees" why hasn't he fitted an entry system to "his" door to his space in a shared facility and have his employees been consulted?

Martin Brewer - Mills & Reeve
Online advisor - 84 posts
If the information you collect does not already belong to the client (and it sounds as though it doesn't) then you would need the consent of the individuals in respect of whom you have the data before disclosing any DPA protected 'personal data'. The employer could obtain this consent for you (it may already have consent within its employees' contracts of employment for example). The proposed letter is useless to you. It's not what the information will be used for that matters to you but whether you have any legal right to process the information in the way being asked. It doesn't seem to me you have, certainly not without consent as I have said, and to do so would be a breach of the DPA.

Philip Jeffs
Member - 299 posts
I may be missing something here, but exactly what is the personal data being considered under the DP Act?
If the system simply records, presumably from a swipe card or electronic fob, when an employee enters or leaves a place of work, and has no CCTV imaging or means of providing any personal info, then how does it fall under DPA? It's hardly 'personal' info?
Whether the client is given access to the data by the building owner is then a matter for them to decide on commercial grounds, but surely this isn't a DPA issue?

James Fairchild
Member - 257 posts
Even if it refers to "swipe card 22489542659876" then (because that can be easily linked to a person) it becomes identifiable data. I think.

Philip Jeffs
Member - 299 posts
... which makes it appear that you are trying to find a reason to include it within DP, rather than ask whether when the DPA was conceived it was intended to cover such a situation? Don't get blinkered to the extent that you feel the DP always has to apply.
I'm all for protecting the personal data of an individual, but whether I attend work through a particular door or not is hardly what the DPA was first written to protect against? Unfortunately we now seem intent on using it for every occasion and it's become a burden rather than a benefit.

Peter Daws
Member - 9 posts
I suggest that it all hinges on whether or not the client has informed his/her staff that they are being monitored and for what purpose.
If this has not been done, it should be.








