The retention of personal data is mainly governed by the requirements of the Data
Protection Act, and the associated Codes of Practice. Ensure that you have clear
guidelines and procedures for document retention to ensure compliance with these, and
that managers do not keep duplicate copies of documents in separate files.
Data Protection hit the news with the loss by the HMRC of
25 million child benefit records, followed by the loss of 3 million driving theory test
candidates' data, and then the loss of candidate information when a laptop was stolen
from a Royal Navy officer's car. Have you reviewed the security of information you
send externally or keep on laptops? Read our introduction to
document retention and then our legal overview
to decide what to keep and for how long.
The Information Commissioner's Office has produced new guidance to help
employers comply with the Data Protection Act when providing employee liability
information under the Transfer of Undertakings (Protection of Employment) Regulations
2006 (TUPE). See: TUPE.
When the Criminal Justice and Immigration Act 2008 comes into force, the Information
Commissioner will be able to impose monetary penalties on those who seriously breach
the Data Protection Act 1998. In addition to this, custodial sentences of up to two years
will be introduced for unlawfully obtaining or disclosing personal information in an
attempt to deter the illegal trading of such data.
