By law, businesses must protect the information they use about their customers, clients and employees. Home addresses, bank details, invoicing and even holiday records all have to be stored and kept safe – sometimes you even need written permission to hold personal or sensitive information, such as staff sickness records.
Under EU proposals, the data protection rules that safeguard our private information are set to get tougher. Simon Goldburn explains what the changes could mean for your business.
Data protection law – set to change under tough new EU rules
EU plans are afoot to make significant changes to the way that a business deals with information it holds about an individual, to recognise that the information belongs to the individual and not the business. As a result, the individual will have the right to access, retrieve or amend the information, or to stop the business from using it, at any time.
The business will only have limited rights to use the information, and in many cases will have to agree a detailed plan with the individual setting out how the information will be used and how long it will be stored.
A business will also have to design, build and implement a system to ensure that it only uses the information in accordance with the plan and to alert the business if the information is used in any other way. The system will have to be kept under review and any breach will have to be reported “without undue delay” to the Information Commissioner’s Office and to the individual.
The Information Commissioner could then impose a fine of up to €1,000,000 (more for a larger business) and the individual could sue for any financial loss or distress that he or she suffers because of the breach. The same rules will apply across the EU, so if the business deals with an individual in another EU member state, that individual could make a complaint to the local regulator or sue in the local courts.
Where a business has more than 250 employees, or there is an imbalance between the parties such as between an employer and an employee, higher standards will be required.
The rules could be finalised in 2012, with a two-year transitional period. The Ministry of Justice has asked for comments on the proposals by 6th March 2012. Find more information in the Ministry of Justice’s paper “Call for Evidence on EU Data Protection Proposals - Regulation COM(2012)11 and Directive COM(2012)10”.
Simon Goldburn is Director at Ascent Consultants.
You might think your main problem with Facebook is the sheer boredom. Oh, the relentless fun of those endless updates of daily lives – how did we survive before we knew Jade Green in Payroll had dodgy tuna for lunch?
But if you’re the boss, watch it: your staff could be sharing more than their daily diet of banality with the rest of the planet. Sneaked into that gripping account might be the killer comment about clients, customers or, heaven forbid, the management, which could empty your order book faster than the tuna’s cheeky 3pm revenge on Ms Green.
Most pitifully, you can’t rely on anyone you know to be too bored to read it – or forward it. Especially not in work time or if it’s properly rude/funny. As lawyers are fond of quoting, “A good name, like good will, is got by many actions and lost by one” – from Victorian judge Francis Jeffrey, who knew the value of a Tweet-length message to business about Facebook, Twitter and LinkedIn before his time.
Your staff probably use these forums to communicate, if not to work. This has blurred the distinction between personal and work life and created much legal strife. The latest case in this area ended up at the Press Complaints Commission (PCC), who ruled a civil servant’s grumbles to her mates on Twitter about Dept of Transport cuts and a punishingly late night in the pub were “public”. Like many of us, the bleary Miss Baskerville didn’t realise we live in a public age but the Daily Mail did and she and the Dept of Transport ended up with more than a hangover.
While it might seem mean to haul a whingeing worker into court, not to mention a bit unnerving for anyone employed who isn’t on Prozac, the fact remains this employee embarrassed and discredited her employer. As the number of social media users in the UK grows ever faster, so does the risk of this happening to your business. Like it or not, you need to take action – but what can you sensibly do without impinging on employees’ privacy?
There’s no need to monitor every communication. Apart from the agonizing tedium, it’s intrusive and probably illegal. If you must, monitor it in a way that is compliant with data protection and privacy laws; for instance, you must tell everyone you are tapping their channels. Instead, create a wide-ranging social media policy from your organisation for employees and freelancers. Make sure they read it; if you don’t communicate with them they may be able to waltz off with your most valuable client contacts, if not worse.
Explain what business information is confidential. That probably includes mailing lists, finances and new products as well as client details and computer passwords. Don’t put temptation in anyone’s way; limit access to anything juicy to those who need it and set up your IT to block exits of confidential information from your server. Remind staff that once confidential material is gone, it’s gone forever.
Tell the staff, where you can, that contact lists are yours. That covers client and mailing lists as well as your employee’s LinkedIn account. State your ownership clearly where you can – wherever they originated from. If your most useful lists contain contacts employees have introduced to the firm or brought with them, case law suggests that the whole list belongs to your firm – make this clear to staff who may, not unreasonably, believe lists containing old friends or trusted freelancers are ‘theirs’. Include this clause in employment contracts too.
Keep work phones, BlackBerrys and iPads for professional communications only. Yes, it’s joyless – no, you don’t need to be held liable for an employee’s rudeness, harassment or bullying. Unlawful treatment of others also applies to online communication. Add this clause to your equality policy too.
Don’t let staff be rude about your business online, ever. Think about whether you can cope with identifiable staff commenting on their working life in a forum. If you can, be very clear that you won’t tolerate criticism about customers, clients or products. Include examples, such as the Facebook addicts at British Airways who were fired for declaring happy holidaymakers “fat and smelly”.
Once you’ve established a policy, employees will be clear about what they can and can’t say and be more likely to stick to it; they will also know they can face disciplinary action for breaching it, which should improve the safety of your business reputation and information. End of status update.
Georgina Harris, Law Donut editor
The heart of the term social media is the word 'social', suggesting that the online world is for interacting, communicating and sharing knowledge. The aim of having social media guidelines for your business is that they should mirror this mindset with the idea that employees should behave as they would do in the offline world — with inhibitions, decorum and common courtesy. This is especially so as it is still common for people to alter their online and offline personas. Many still use the internet as an outlet for airing their thoughts with little consideration of the severity and long-term effects of their actions. This is not to say that employees cannot be trusted; instead, they can be positively guided to utilise their talent and act in a way which protects their own and the company’s online reputation. Some dos and don’ts for setting up social media guidelines for your employees are listed below:
1. Do choose trust and empowerment.
Social media use can instill fear and angst in the minds of businesses. Most instantly assume employees cannot be trusted or will not act in the company's best interest. Nevertheless, they must learn that the paradigm shift is here to stay. Rather than fretting about the potential negatives they must realise its benefits. It is never a good idea to set stringent controls on social media in the workplace or via guidelines. Banning social media in the workplace or heavily restricting use could result in a backlash. Employees are potential social media representatives and to make social media work properly across the enterprise they must be empowered to leverage social media in support of the brand and its products. Therefore guidelines should protect and advise on social media, not control or restrict.
2. Don’t forget to cater for all platforms.
This includes blogs, forums, message boards, social networks (Facebook, Twitter, LinkedIn etc), user generated content (ie YouTube, Flickr etc) and any other relevant channels. Create an individual framework for participation in various online communities. Covering all platforms avoids any confusion or loopholes, increases social media presence and identifies how social media channels overlap (ie status updates, uploading photos and friend/connection requests). Social media guidelines could include how to use each platform for business and personal use, how to utilise each platform’s functionality and suggestions on the most appropriate behaviour for each platform.
3. Do stress the importance of privacy and confidentiality.
It is essential to outline what information is regarded as private, confidential and sensitive, and which should never be disclosed in any circumstance. The next step is outlining how to behave when something is a grey area ie tweeting about a new client project — does the client want to be mentioned and is the project 100 per cent finished? Hold a team meeting at the beginning of each week to identify tweetable topics or assign a person as point of contact to give consent on disclosing potentially sensitive information. Privacy should also extend to client information, geolocation check-ins, other brands and competitors.
4. Don’t diminish personal responsibility.
It needs to be stressed that posting content online becomes permanently available thus you are accountable for your own reputation and digital footprint. Your online relationship changes and becomes even more essential as soon as you identify that you’re an employee of a firm or speak in any kind of professional capacity. Therefore, disclaimers should be encouraged to make it clear that you are an employee of a firm, but are interacting on behalf of yourself and not the company. It should be made clear that this doesn’t give a person a reason to be dishonest, rude or inappropriate. If someone would like to represent the company on a deeper, professional level there should be a point of contact or training offered to do so.
5. Do persuade employees to add value.
This leads onto thought leadership. Social media is about people, not logos. If employees want to communicate in a professional capacity then put suitable guidelines in place to cater for this. Guidelines for acting on behalf of the organisation should include:
By encouraging employees to demonstrate the depth and breadth of their expertise with information tailored to your clients’ needs, it can help position your company as a leader and trusted resource.
Overall, the ideal guidelines should protect the reputation of the company on all platforms, be in line with the company's vision and act as a best practice engagement strategy.

After a lot of hard work, more than a few donuts consumed, and assistance from a whole bunch of helpful experts, we're really pleased to announce that the IT Donut has launched.
We're really excited about getting our new site out in the world, so head on over to http://www.itdonut.co.uk to get your fix of IT advice and information for small businesses.
What do you think?
To use a bit of IT jargon, the IT Donut is currently version 1.0. We're pleased with it, but we're still looking for feedback and help so we can make it even better.
If you have any comments on the information the site contains, or how it looks and functions, send a quick email to info@itdonut.co.uk. Alternatively, leave a comment on the website to tell us what you think.
Be one of our experts
We're also working hard to expand the information on the IT Donut. To do this, we're recruiting IT experts to help us.
If you're knowledgeable about any area of IT, we'd love to hear from you. Again, just send an email to info@itdonut.co.uk and we'll see how we can get you involved. In return you'll get exposure on the site, plus the warm feeling that comes from knowing you've helped out lots of small businesses.
John McGarvey, IT Donut editor
I read recently that Portsmouth FC manager Avram Grant expects to have his first-choice team available in the FA Cup final after his key players indicated a willingness to waive the lucrative bonuses in their contracts.
To stunned audiences nationwide, Portsmouth thrashed Spurs recently and will play the Wembley final on May 15. The players’ bonuses were contracted to kick in if/when the Club reached the final.
But Portsmouth is in financial turmoil – it went into administration in February with, apparently, debts of £70 million. This leads me to wonder why the club would even offer players contracts that offer cash payments ranging from £50,000 to £100,000 in the first place.
Perhaps the club felt they needed to offer bonuses to lure top-class players away from the glittery clubs and expensive shops in London. Or maybe Portsmouth didn’t really expect to get so far in the FA Cup and were confident that the bonus clauses were good window-dressing that they’d never have to pay out. Whatever the Club’s reasoning, it’s a strategy that has backfired, and put them under even more money pressure.
This should be a warning to small businesses suffering their own money troubles. Employee perks and bonuses can be an effective way of attracting and retaining employees, eventually improving business results. But cash payouts, as well as the most common incentives, such as company cars, season-ticket loans and gym membership, can prove costly.
If you’re struggling, remember that before offering remuneration packages you should take into account how appealing any bonuses will be to potential employees – and also how much it costs to provide, then administer, them.
If your firm still has incentives to fulfill under your employment contracts, you may have to rethink. Negotiating discounts with local suppliers is a clever way for businesses to continue to provide great employee benefits – for example, you could negotiate a group-rate gym membership with a local firm. Small firms should also consider offering low- or no-cost opportunities such as flexible working, which employees may value more than a pricy perk.
However, don’t be too mean - it’s essential for small businesses to balance an exciting remuneration package that attracts the best candidates with the long-term financial considerations of the business. Otherwise when your big day comes round, you may find your best players are missing.
There are legal considerations to take into account when offering benefits such as flexible working. Make sure you keep up-to-date on the Law Donut.