All employers handling data about employees must comply with the Data Protection Act 1998 and, in particular, the eight data protection principles set out in that legislation. However, this obligation does not apply only to the employer directly; it extends to all service providers who may be handling employees' personal data on behalf of that employer.
Employers are highly likely to handle employees' "sensitive personal data", as defined under the Act, in the running of their day-to-day business. Sensitive personal data includes health records and marital status, so it will be particularly relevant in the context of pension administration.
Employers cannot abdicate their responsibilities and must be satisfied that their service providers are compliant with the requirements of the Act. Shoosmiths outlines how this was borne out by a recent case in which the Scottish Borders Council was fined £250,000 by the Information Commissioner.