Data Protection among Employees Essay Example

Data Protection among Employees Essay Example Data Protection among Employees Essay Data Protection among Employees Essay P5, P6 AND M2 An employee working within the HR department at Dominos became frustrated when she found out that men working within the organisation were being paid more than women who were working in the same role. She decided that the best way to deal with this situation was to email all staff within the organisation and send documents proving her findings. These documents contained sensitive employee information (personal details: address, bank account and salary etc.), all staff were outraged, and the employee was dismissed immediately. The implications of the employee’s actions span across legal, ethical and operational issues in relation to the use of business information. LEGAL ISSUES Legislation (law) is outlined by the government and businesses need to enforce this when handling information. There are various amounts of legislations that protect, pertain to and manage business information. An example would be the Data Protection Act (1996). The Data Protection Act 1998 protects the information held about people from being misused. Another would be the similar and newer regulation The General Data Protection Regulation. There are 8 major principles of the Data Protection Act, these principles require that personal information is: 1. Processed fairly and lawfully 2. Processed for one or more specified and lawful purposes, and not further processed in any way that is incompatible with the original purpose 3. Adequate, relevant and not excessive 4. Accurate and, where necessary, kept up to date 5. Kept for no longer than is necessary for the purpose for which it is being used 6. Processed in line with the rights of individuals 7. Kept secure with appropriate technical and organisational measures taken to protect the information 8. Not transferred outside the European Economic Area (the European Union member states plus Norway, Iceland and Liechtenstein) unless there is adequate protection for the personal information being transferred The General Data Protection Regulation (2018) comes into effect on 25 May 2018. The GDPR builds on existing data protection law to strengthen the protection of individuals personal data. Personal data a business might hold includes: Employee records Customer databases There are stricter rules for sensitive personal data: Sensitive data continues to include information on racial or ethnic origin, political opinions, religious beliefs, trade union membership, health, and information on sex life or sexual orientation. Genetic or biometric data are also sensitive data. Dominos must follow this act and make sure that all obtained customer and staff information is secure, relevant and accurate. At Dominos they collect â€Å"personal information such as your name, address, telephone number and email address as provided by you when you register to My Domino’s or place an order with us† . The employee broke the Data Protection and General Data Act by disclosing sensitive employee information such as financial and personal details to other staff. This is puts staff at risk of fraud and other financial crimes. In this case Dominos have failed, they have failed to maintain the Data Protection and GDPR and have allowed an employee to leak sensitive employee information this can have several major implications on the business staff morale and cohesion as inter-staff trust is likely to be weakened after this event, which can likely take a toll on business performance and therefore sales. Most important employees have now lost trust in the busine ss, it was Dominos job to keep their information safe and yet it got disclosed and spread in a public manner despite the woman’s perceived good will. In order to make employees feel safe and to prevent something similar from happening again, Dominos must implement new organisational policies pertaining to the protection and security increase of employee information. The Freedom of Information Act (2000) allows any individual or business to request information held by a public authority. E.g. Nottingham City Council and Nottingham County Council. In Domino’s privacy policy it outlines the fact that all customers â€Å"have a right to request access to or rectification of your personal data which we hold about you. You also have a right to erase your personal data, to restrict the processing of your personal data and the right to receive your personal data that you have provided to us and to transit such personal data to another data controller†. It was in the employee’s rights to request pay information of both male and female workers within the business but she The Computer Misuse Act (1990) Businesses have to ensure they protect business information. The act splits into three different sections and makes the following illegal: Unauthorised access to computer material Unauthorised access to computer systems with intent to commit another defence Unauthorised modification of computer material ETHICAL ISSUES Ethical issues refer to the codes of practice that exist in businesses to maintain ‘moral principles concerning acceptable and unacceptable behaviour by businesses’. They maintain these ethics on: Use of Email Whistle-Blowing Organisational Policies Information Ownership All businesses have codes of conduct on the correct use of email within the business. These codes often refer to how much and what you can send on email. Examples of expected emails would be: To send business information to staff To send a memo To send a notice of business meetings To distribute news To share basic information to a large group of people Examples of email against most email codes of conduct would be: Personal emails Large amounts of information/documents, to a large number of people Inappropriate content Personal Conversations Sending Confidential materials Dominos doesn’t not have open evidence of internal email codes of conduct however, in order to run the business as smoothly as possible they more than likely use a number of the aforementioned rules. The employee definitely broke these rules by sending confidential materials to the whole Dominos does have codes of conduct pertaining to the customer, they make sure to let customers know that they can unsubscribe from receive promotional materials from Domino’s via email.