Recording, Analysing and Using Human Resource Information

Unit No : 3RAI

Name : Firdaus Bustamam

CIPD No : 55566165

Word Count:
 Briefing Note

Amazon is a giant retail online market in the world. Being a online company it is imperative
that Information Services (IS) and the collection, collating, analysing, storage analysis and
usage thereof is optimally conducted and communicated, effective communication being the
foundations for any organisations publication of its policy, strategy in reaching its employees,
stakeholders and interested parties. good two-way communications is required to keep all
interested parties informed of policies, plans and to illicit valid, valued reactions and input to
management’s proposals and action. Valerie Anderson (1) points out that all organisationally
based HR investigative enquiries make use of qualitative data which is only effective when
thought is gone into how it is going to be managed and analysed thereby ensuring consistency
in methodology in data-gathering and analysis processes. Inaccurate collection can impact the
results of a study and ultimately lead to invalid, misleading results and vary in evaluation.

Two reasons, amazon needs to collect HR data:

Legal requirements: To prove that the organization is hiring at an equal opportunity standard,
also, to ensure that and prove that any firing done by the company is done for the right
reasons and is readily available to prove that.
Supply management information: To make sure that decisions made regarding the manpower
planning and Training are based on actual needs.

Martin, Whiting and Jackson (2) points out seven reasons: satisfying legal requirements
providing informed decision- making recording contractual arrangements and agreements
keeping contact details of employees providing documentation in the event of a claim against
the organisation providing information for consultation requirements for due diligence should
a business transfer ,other reasons include: accurately accessing levels of productivity and
performance monitoring absence levels, employee turnover, sickness, accidents, lateness,
discipline etc. enabling timely and appropriate responses organisational record-keeping,
induction, recruitment and selection procedures/ results, terminations, equal opportunities
issues, training and development

http://www.hrmasterkey.com/2014/08/25/data-collection-in-hr/

Two Types Of Amazon Data Collected and How Each Supports HR Practices;
1. Statutory Records – Such as tax, national insurance contributions, sickness and SSP,
hours worked and accident book. These types of records ensure that the HR
department is compliant to all of the regulatory requirements.
2. Organisational Records- to include all recruitment documentation, absenteeism
records, staff turnover and learning & development. These records are essential to all
HR departments as it allows them to monitor staffing levels and recruit when
necessary. Staff sickness is monitored very closely to help with productivity & ensure
there are no underlying management issues hiving these monitoring processes in place
will in turn help staff to maintain a high level of efficiency and in turn benefit the
business and their own personnel development.

Two methods of storing records and the benefits of each:

1. Manual record keeping
2. Electronic record keeping
Amazon is using combination manual and electronic record keeping. But in most cases, such
as Holiday record, employee performance, employee absences, etc are kept in electronic
record.
Electronic record keeping system - making it easier to capture information, generate reports
and meet tax and legal reporting requirements.
There are a number of benefits of an electronic or manual record keeping system.
Electronic record keeping
Amazon use accounting software programs to simplify electronic record keeping, and
produce meaningful reports. There are many other advantages to using electronic record
keeping, as listed below.
Advantages
- Helps amazon to record business transactions, including income and expenses,
payments to workers, and stock and asset details.
- Efficient way to keep financial records and requires less storage space.
 - Provides the option of recording a sale when you raise an invoice, not when you
receive a cash payment from a client.
- Easy to generate orders, invoices, debtor reports, financial statements, employee pay
records, inventory reports.
- Automatically tallies amounts and provides reporting functions.
- Keeps up with the latest tax rates, tax laws and rulings.
- Many accounting programs have facilities to email invoices to clients, orders to
suppliers, or BAS returns to the Australian Taxation Office.
- Allows users to back up records and keep them in a safe place in case of fire or theft.

Manual record keeping

Amazon uses manual use a simple, paper-based record keeping system for some information.
There are certain advantages to using manual record keeping, as listed below.
Advantages:
- Less expensive to set up.
- Correcting entries may be easier with manual systems, as opposed to computerised
ones that can leave complicated audit trails.
- The risk of corrupted data is much less.
- Data loss is less of a risk, particularly if records are stored in a fire-proof
environment.
- Problems with duplicate copies of the same records are generally avoided.
- The process is simplified as you don't need to be familiar with how accounting
software calculates and treats your information.
- Streamline your manual record keeping
- Sort and store all paperwork, receipts and payments in 12 separate months.
- Keep all original documents and date all correspondence.
- Record all transaction dates and payment amounts.
- Save all online financial transactions by month and financial year in your inbox and in
a separate folder on your hard drive.
- Backup all electronic records on an external hard drive or other storage device other
than your computer's internal hard drive.
- Capture nearly all of your income and expenses in statements from both your bank
and credit card accounts.
- Request that all statements and bills be sent on a monthly basis - allowing you to
reconcile all financial records each month.
Two essential items of UK Legislation relating to the recording, storage and accessibility
of HR data.
- General Data Protection Regulation 2018
- Freedom of Information Act 2000

General Data Protection Regulation 2018

Data protection issues have an impact on most HR activities, from handling recruitment and
employer references to employee record-keeping and performance monitoring. So, it's crucial
that employers have a solid grasp of data protection principles and law, understanding how to
manage data responsibly while keeping up-to-date with legal developments.
Data protection laws protect individuals from the misuse of information about them. The
rapid spread of the internet and ownership of electronic devices made it easier for data to be
collected and modernised legal provisions are needed to limit data spread only to those who
need to know.
Information is easily transferred nationally and internationally, making data protection a
complex global issue. For example, HR systems can be cloud-based with international
servers. Any worldwide company, for example US or Russian based can hold data on UK and
other European citizens.
Data protection affects most HR activities, from recruitment and references to employee
record-keeping and performance monitoring. Data must be managed responsibly with sound
current knowledge of all data protection principles.
https://www.cipd.co.uk/knowledge/fundamentals/emp-law/data-protection/factsheet

Freedom of Information Act 2000

The Freedom of Information Act 2000 provides public access to information held by public
authorities.

It does this in two ways:

public authorities are obliged to publish certain information about their activities; and
members of the public are entitled to request information from public authorities.
The Act covers any recorded information that is held by a public authority in England, Wales
and Northern Ireland, and by UK-wide public authorities based in Scotland. Information held
by Scottish public authorities is covered by Scotland’s own Freedom of Information
(Scotland) Act 2002.

Public authorities include government departments, local authorities, the NHS, state schools
and police forces. However, the Act does not necessarily cover every organisation that
receives public money. For example, it does not cover some charities that receive grants and
certain private sector organisations that perform public functions.

Recorded information includes printed documents, computer files, letters, emails,

photographs, and sound or video recordings.
The Act does not give people access to their own personal data (information about
themselves) such as their health records or credit reference file. If a member of the public
wants to see information that a public authority holds about them, they should make a data
protection subject access request.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Organisation is a start-up tertiary Private Limited Company, non-domiciliary supported living

Agency. Being a start-up company it is imperative that Information Services (IS) and the
collection, collating, analysing, storage analysis and usage thereof is optimally conducted and
communicated, effective communication being the foundations for any organisations
publication of its policy, strategy in reaching its employees, stakeholders and interested
parties. good two-way communications is required to keep all interested parties informed of
policies, plans and to illicit valid, valued reactions and input to management s proposals and
action. Valerie Anderson (1) points out that all organisationally based HR investigative
enquiries make use of qualitative data which is only effective when thought is gone into how
it is going to be managed and analysed thereby ensuring consistency in methodology in data-
gathering and analysis processes. Inaccurate collection can impact the results of a study and
ultimately lead to invalid, misleading results and vary in evaluation impact along a continuum
from quantitative methods and at the other end are Qualitative
methods.Information Collection can be either Primary or secondary, for our purposes focuses
on Primary Collection: Observation Interviewing Mail surveys Experimentation Simulation
Projective techniques categorised as: Strategic- for consumption by the board of directors, to
inform the companys direction. Tactical used by middle-management to determine budgetary
demands Operational periodical update, (monthly) to ensure the business is operating within
budget Gower (2) acknowledges that IS technology is continually advancing, becoming
redundant quickly and recommends a methodology, (quantitative or qualitative) be
established to ensure correct choices in its design, development and implementation, to
ensure optimum Process control, Logistics, Financial, Communication, Resource
management, Marketing , Sales and Service delivery systems to fulfil two important
functions: Operational information task-orientated Management Information -identifying
when things are not working optimally, need improvements, change or redundancy.The
Quantitative data collection methods rely on random sampling and structured data collection
instruments that fit diverse experiences into pre-determined response categories, producing
results that are easily summarized, compared, and generalized. Qualitative data collection
methods play an important role in evaluation by providing information useful to understand
the processes behind observed results and assess changes in peoples perceptions, usually used
to improve the quality of survey-based quantitative evaluations by helping generate
evaluation hypothesis; strengthening the design of survey questionnaires and expanding or
clarifying quantitative evaluation findings. Regardless of the data involved, qualitative data is
time-consuming with thorough, accurate and systematic recording of any potentially useful
data observing the efficient, effective and ethical principles. Different ways of collecting data
are useful for different purposes, each having advantages and disadvantages, influenced by
collection method, questions being investigated, resources, and timeline amongst others.1.1
Why organisations need to collect and record HR data
Martin, Whiting and Jackson (3) points out seven reasons: satisfying legal requirements
providing informed decision- making recording contractual arrangements and agreements
keeping contact details of employees providing documentation in the event of a claim against
the organisation providing information for consultation requirements for due diligence should
a business transfer ,other reasons include: accurately accessing levels of productivity and
performance monitoring absence levels, employee turnover, sickness, accidents, lateness,
discipline etc. enabling timely and appropriate responses organisational record-keeping,
induction, recruitment and selection procedures/ results, terminations, equal opportunities
issues, training and development

The three most important reasons for our organisation are:

Legal RequirementsProvision of information to make credible decisions.The old adage goes
knowledge is power, and, Martin, Whiting and Jackson (3) adds knowledge and information
are the lifeblood of good decision-making for organisations. The provision of information on
such vitals as Absenteeism, Change Management, Customer Service Surveys, Staff Surveys
and Feedback, can prove to be the life or death and remains key to the underlying purpose of
HR Professionals.Recording Contractual Arrangements and AgreementsRecorded
agreements are binding, necessary for clarity, and, for legal enforceability. 1.2 The range and
type of information collected by HR Professionals which we shall be collecting within our
organisation to support good practice and have a service which is fit for purpose, will be
some of the following: Payroll Absenteeism Records Performance Records Time and
Attendance Training- Learning and Development Records Candidate Selection Records and
systems Health and Safety Records CRB checks Medical Records and Certificates amongst
others (See sample forms in appendix table 5)Since successful HR Planning attempts to relate
an organisations current and future requirements to the suitability of the available workforce,
ethos and resources, the above are key in establishing and aligning HR Policy to overall
Corporate Strategy, Identity, goals, culture and priorities. Our organisations approach will be
a balance of Soft| HR with hard HR to maintain and achieve a valued organisational culture
conducive to sustained business growth whilst maintaining a loyal and productive workforce
and Stakeholders.Health and Safety RecordsValerie Anderson (1) noted statistics provided by
HSE of employees injured at work in 2001-2002 were grossly underestimated by flawed legal
reporting requirements so only 43% of employee injuries were reported.Absenteeism
RecordsThe CIPD Absence Management Annual Survey Report 2012 utilised below
highlights this. Training and development Records With a view to maintaining and keeping
our talent base at the optimal level we shall be ensuring that all training needs are identified,
rationalised, discussed and fulfilled within the companys budget and have already
investigated, are sourcing and putting in place training programmes and opportunities which
are cost effective though providers such as LearnDirect, Vision2 learn, local free providers,
The Job Centre and other such agencies to provide necessary training as attached:Candidate
selection Records and Systems /Exit Interviews and Retention Ratios. It is vitally important
that these are kept for obvious reasons including legal challenge and possible tribunal
proceedings and has been so noted by our organisation. 2.1 Haines and Petit (1997) defines
HR Information Systems, (HRIS), as a system used to acquire, store, manipulate, analyse,
retrieve and distribute pertinent information about an organisations human resources. There
are numerous such systems, and, although older, well established organisations may still have
paper-based items such as original job-applications, contracts of employment, letters etc.,
systematically filed for security, Charles Leatherbarrow (4) points out the increasing
necessity for information becoming more systematic, factual and information-based. Taylor
(5) (2008) encompassing Parry and Tyson (2007) goes further highlighting the reliance of
computerised information-systems enabling HR Practitioners to improve planning-
monitoring, psychometric- testing, employee-development, absenteeism, turnover and pay
which : provides a reliable basis for strategic decision-making supports services to line
managers and provide guidance and advice to Line -managers is easily backed-up,
transferable, accessible and portable as below:Whichever system is utilised the fundamentals
remains the same:
http://www.acas.org.uk/media/pdf/c/a/Acas_Personnel_data_record_keeping-accessible-
version-July-2011.pdf Accuracy, reliability and consistency Confidentiality Economical
adaptability with consideration given for computerised or manual, location, document design
and security, (see link below). Our approach to encryption 2.2 As already stated, legislation
play a vital role in data collection, analysing and usage. Key pieces of legislation to be noted
are: The Data Protection Act 1998, * (see table below for protected rights) The Freedom of
Information Act 2000, The Health and Safety Act, amongst others. Privacy and Electronic
Communications (EC Directive) Regulations 2003 (SI 2003/2426) The Regulation of
Investigatory Powers (Acquisition and Disclosure of Communications Data: Code of
Practice) Order 2007 (SI 2007/2197) The Data Retention (EC Directive) Regulations 2009
(SI 2009/859) Data Protection Directive 95/46/EC Privacy and Electronic Communications
Directive 2002/58/ECThe Data Protection Act.The organisation is under a legislative duty to
ensure that all information held is confidential, privileged, and securely stored, (see ICO
recommendations in Table 4 below), and has a further duty to register a nominated person as
its Information Officer with The Information Commissioners Office. Failure to do so can lead
to financial sanction. Whilst the employee may have access to inspect, view and challenge
information being held on them, dissemination to third parties are strictly monitored, only
sanctioned with the employees explicit written consent. Practical guide to IT security (pdf)
Guide to data protection: information security Freedom of Information Act 2000 Sections 45
& 46 concerns the discharge of Public Authorities functions under Part 1, and the
management of records, firstly the act establishes the right of any person making a request to
a public authority to be informed in writing whether or not the authority holds the
information sought and if it will supply that information, (subject to specified exemptions),
and secondly it requires them to make available information they hold and to publish a
publication scheme which sets out the categories of information they intend to make readily
available. Any information imparted must be efficiently and effectively stored and recorded.
This is particularly cogent with regards to Local Authorities, Housing Associations, Medical
Centers, etc

3.1 As the organisation is in its infancy, I have chosen to use CIPD report cipd Annual
Survey Report -Absence Management 2012 (8) for analysis.
https://www.simplyhealth.co.uk/shcore/sh/content/pdfs/cipd_survey_2012.pdfAs previously
stated Absence Management is essential in providing HR Planning in relations to the
organisations current and future requirements and adequately linking the suitability of the
current or available workforce with current and projected productivity. The causal impact
absenteeism has not only on the culture, structure, moral, individual performance, staff-
retention, staff- turnover and obvious financial planning and financial resources is
instrumental. Analysis of the report showed the following: (as illustrated in chart and
tableform below) absence levels average employee absence showed a continued falling trend
over the previous two years, largest reductions being in private services and the public sector,
but, with high variations across organisations. Public sector absence were at their lowest
since records began, absences was greater in public and non-profit sectors, with manual
workers having on average one day more absence than non-manual workers. length of
absence short term absences of up-to seven days accounted for two-third cost of absence less
than half of employers monitored cost of absence, with the public sector and larger
organisations more likely to do so, where reported cost were falling. occupational sick pay
was provided by most surveyed, with variations in the period occupational sick pay was
provided amongst organisations causes of absence minor ailments primary cause of short-
term absence, long-term absences most commonly due to stress, acute medical conditions,
mental ill health, musculoskeletal injuries and back pain work-related stress- two-fifths of
employees reported an increase managing absence- almost all surveyed had a written
absence/ attendance management policy the statement of fitness to work universally used
across all sectors, but, only one-tenth believed it helped reduce absence levels Employee
well- being gradual increase in employee well-being strategy, over 50%, with access to
counselling- services and employee assistance programs, with success varying considerably
across sectors, spend levels virtually unchanged. Employee absence and the recession two-
fifths of public sector organisations reported redundancy strategy over the short-term and a
marked increase of employees attending work ill over the last year. abolition of Default
Retirement Age was negligible, except to increase flexible- working practices.I choose to
concentrate on three aspects of the report Average level of employee absence over three years
2010, 2011, 2012 Average level of employee absence over sector breakdown The effect of
workforce sizeanalysed in chart-form below. Average level of employee absences, by sector
for all, manual and non-manual employees tables below Analysis revealed that most
organisations record their annual absenteeism rates, recognising its importance and
fundamental impact on the business and there was a small rise in reporting, with public sector
more likely to do so 94% , private services: 73% , manufacturing and production and non-
profits 86%. The charts and table s identifies clear falls in the levels of absenteeism across all
platforms with an on- average decline of one day per employee, but with wider variations in
the public sector where the drop was 1.2 days on 2011, 1.7 days on 2010, and 1.8days on
2009 and was at its lowest since records began, results mirrored in the private sector.
Comparative analysis showed the annual absence cost per employee decreasing annually, but,
with considerable variations across organisations, and, reporting thereof showed little change
from previous years- (2012: 40%; 2011: 42% ; 2010: 45%; 2009: 41%) in my opinion, the
trend could be down to available knowledge, limited resources, apathy, inertia, or
ignorance.The public and non-profit sectors reported higher costs of absence than the private
sector due partly to long-term absence and their more generous sick pay schemes. This would
be of particular concern to any HR professional, and a causal link should be identified and
embedded into future strategy including Absence Management Policy, Employee Wee-being
Strategy, organisation culture and value structure, and Presenteeism strategy.
ConclusionsDifferent ways of collecting and evaluating data are useful for different purposes,
and each has advantages and disadvantages. Various factors will influence choice of a data
collection method: the questions you want to investigate, resources available to you, your
timeline, and more, and if one is not careful and through, the collection of any such data
could quite easily be tainted by unprofessionalism.
(http://dmc.umn.edu/evaluation/data.shtml.HR Professionals should always follow
Professional Ethics and Good Practice policies in the recording, storing and analysing of HR
information if that information is to prove useful in strategic planning, culture development
and organisational value. RecommendationsIn order to collect data that is relevant and useful
for any strategic and meaningful analysis a number of question needs to be asked and
reconciled before our data collection can begin. We must decide on the purpose for
collection, the type of information that is required, the methodology to be employed and the
impartiality of the collector/ researcher. Once we have resolved such necessaries we must be
confident of all the current legislation, practices, directives and industry standards relevant to
go practice.With reference to the analysis of Absenteeism, more organisations of all structure
and make-up must make a concerted effort to understand the importance of the annual
absence cost per employee of employee absence if the organisation is to truly understand and
remedy Absenteeism and replace it with a culture of Presenteeism where well-being and
contributions of employees are recognised and valued. Lastly and very importantly thought
must be given to the storage and security of the collected data, so a relevant, on-going,
frequently up-dated policy must be in place with reference to data collection. Appendix -
Supplementary InformationTable of Statutory retention period with reference to data held by
employers.ICO recommendations: What security measures should I take to protect the
personal data I hold?The Data Protection Act 1998Table. 5 Examples of some HR records
(adopted from ACAS template Induction checklistIt is good practice to let the new starter
have a copy of this list this enables them to follow what is happening and will act as a
reminder of anything missed or that needs particular attention. It should be the responsibility
of both management and new starter to ensure that all relevant items are properly covered
during the induction period.Name date of starting.Induction completed (signature of new
starter) DateCarried out byCommentsReception Received by Personnel documentation and
checks completed: P45 NI number Swipe/security cardIntroduction to the company Whos
who History Products/services/markets Future plans and developmentsTerms and conditions
of employment Written terms and conditions issued Contract of employment issued Hours,
breaks, method of payment Holidays Clocking on/flexitime/reporting procedures
Probationary period Period of notice Sickness provisions Pension provisionsEqual
opportunities policy and worker development Training provision Further education/training
policies Performance appraisal Promotion avenues Worker/employer relations Trade union
membership Other worker representation Worker communications and consultation
Grievance and disciplinary procedure Appeals procedureDateCarried out
byCommentsOrganisation rules Smoking policy General behaviour/dress code: Telephone
calls Canteen/break facilities Cloakroom/toilets/lockersHealth and safety Awareness of
hazards any particular to type of work Safety rules Emergency procedures Clear gangways,
exits Location of exits Dangerous substances or processes Reporting of accidents First aid- to
include First aid Officer Personal hygiene Introduction to safety representativeWelfare and
worker benefits/facilities Sports facilities Protective clothing supply, laundry, replacement
Medical services Savings schemes (including share options) Transport/parking arrangements
Company discountsThe job Introduction to manager/supervisor Requirements of new job
Standards expected Co-workers Supervision and work performance appraisalsTable 5 Sample
HR documents collectedTable 5 Sample HR documents collectedTable 5 Sample HR
documents collectedTable 5 Sample HR documents collectedTable 5 Sample HR documents
collectedTable 5 Sample HR documents collectedTable 5 Sample HR documents
collectedReferencesNoAuthor/ FigTitleEditionPublisherYear 1Anderson, ValarieResearch
Methods in Human Resource Management 1st EditionCIPD Publication20042Edited by
Dennis LockThe Gower Handbook of ManagementFourth EditionGower Publishing
Limited19983Martin Malcolm, Whiting Fiona and Jackson TriciaHuman Resource
Practice5TH EditionCIPD Publication2010Haines and Petit (1997) as cited by Bandarouk,
T.V. and Ruel, H.J.MThe International Journal of Human Resource
Managementhttp://www.informaworld.com/smpp/title~content=t713702518Routledge20094
Leatherbarrow Charles, Fletcher Janet & Currie DonaldIntroduction to Human Resource
Management- a Guide to HR in Practice2nd EditionLondon, CIPD Publications5Taylor,
S,People Resourcing4th Edition CIPD Publications6Armstrong, MichaelA handbook of
Human Resource Management Practice10th editionKogan Page,20067cipd in partnership
with simplyhealth,Annual Survey Report -Absence Management 2012CIPD
publications20128Finn, J., & Jacobson, M.Just Practice: A Social Justice Approach to Social
Work.Peosta, IL: Eddie bowers publishing. 20089Jacobson, M., Pruitt Chapin, K., &
Rugeley, C. (2009).Toward Reconstructing Poverty Knowledge: Addressing Food Insecurity
through Grassroots Research Design and Implementation. Journal of Poverty, 13(1), 1-19.
200910Russ-Eft, D., & Preskill, H.Evaluation in Organizations New York: Basic BooksTable
1cipdRetention of HR records, CIPD Resources FactsheetCipd, internet2013Table 2ICO
GuideWhat security measures should I take to protect the personal data I hold?ICO2013Table
3Internet sourceThe Liberty Guide to The Data Protection Act 1998Internet source1998Table
4ACAS websiteExamples of some HR recordssample HR records2013Page 21Legal Reasons
for compliance Legal Requirements- Legal compliance is a mainstay within all organisations
and covers: Tax and NI The EU Working Time Directive 203/88/EC ,-record of individual
hours worked, holidays The EU Working Time Regulations 2013, The National Minimum
Wages Act,- pay, pay statements The Equality Act, The Minimum working Age, The Data
Protection Act, The Freedom of Information Act, The Health and Safety Act,-accidents,
diseases, injuries and dangerous occurrences Privacy and Electronic Communications (EC
Directive) Regulations 2003 (SI 2003/2426) The Data Retention (EC Directive) Regulations
2009 (SI 2009/859) Data Protection Directive 95/46/EC Privacy and Electronic
Communications Directive 2002/58/EC Average level of employee absence, all employees
Statutory retention periods The table below summaries the main legislation regulating
statutory retention periods. If employers are in doubt, it is a good idea to keep records for at
least 6 years (5 in Scotland), to cover the time limit for bringing any civil legal action. Record
Statutory retention period Statutory authority accident books, accident records/reports 3 years
from the date of the last entry (or, if the accident involves a child/ young adult, then until that
person reaches the age of 21). (See below for accidents involving chemicals or asbestos) The
Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995 (RIDDOR) (SI
1995/3163) as amended, and Limitation Act 1980. Special rules apply concerning incidents
involving hazardous substances (see below). accounting records 3 years for private
companies, 6 years for public limited companies Section 221 of the Companies Act 1985 as
modified by the Companies Acts 1989 and 2006 income tax and NI returns, income tax
records and correspondence with HMRC not less than 3 years after the end of the financial
year to which they relate The Income Tax (Employments) Regulations 1993 (SI 1993/744) as
amended, for example by The Income Tax (Employments) (Amendment No. 6) Regulations
1996 (SI 1996/2631) medical records and details of biological tests under the Control of Lead
at Work Regulations 40 years from the date of the last entry The Control of Lead at Work
Regulations 1998 (SI 1998/543) as amended by the Control of Lead at Work Regulations
2002 (SI 2002/2676) medical records as specified by the Control of Substances 40 years from
the date of the last entry The Control of Substances Hazardous to Health Regulations 1999
and 2002 (COSHH) (SIs 1999/437 and 2002/2677) Record Statutory retention period
Statutory authority Hazardous to Health Regulations (COSHH) medical records under the
Control of Asbestos at Work Regulations medical records containing details of employees
exposed to asbestos medical examination certificates 40 years from the date of the last entry 4
years from the date of issue The Control of Asbestos at Work Regulations 2002 (SI 2002/
2675). Also see the Control of Asbestos Regulations 2006 (SI 2006/2739) and the Control of
Asbestos Regulations 2012 (SI 2012/632) medical records under the Ionising Radiations
Regulations 1999 until the person reaches 75 years of age, but in any event for at least 50
years The Ionising Radiations Regulations 1999 (SI 1999/3232) records of tests and
examinations of control systems and protective equipment under the Control of Substances
Hazardous to Health Regulations (COSHH) 5 years from the date on which the tests were
carried out The Control of Substances Hazardous to Health Regulations 1999 and 2002
(COSHH) (SIs 1999/437 and 2002/2677) Record Statutory retention period Statutory
authority records relating to children and young adults until the child/young adult reaches the
age of 21 Limitation Act 1980 Retirement Benefits Schemes records of notifiable events, for
example, relating to incapacity 6 years from the end of the scheme year in which the event
took place The Retirement Benefits Schemes (Information Powers) Regulations 1995 (SI
1995/3103) Statutory Maternity Pay records, calculations, certificates (Mat B1s) or other
medical evidence 3 years after the end of the tax year in which the maternity period ends The
Statutory Maternity Pay (General) Regulations 1986 (SI 1986/1960) as amended Statutory
Sick Pay records, calculations, certificates, self-certificates 3 years after the end of the tax
year to which they relate The Statutory Sick Pay (General) Regulations 1982 (SI 1982/894)
as amended wage/salary records (also overtime, bonuses, expenses) 6 years Taxes
Management Act 1970 national minimum wage records 3 years after the end of the pay
reference period following the one that the records cover National Minimum Wage Act 1998
Record Statutory retention period Statutory authority records relating to working time 2 years
from date on which they were made The Working Time Regulations 1998 (SI 1998/1833)
Recommended (non-statutory) retention periods For many types of personnel records, there is
no definitive retention period: it is up to the employer to decide how long to keep these
records. Different organisations make widely differing decisions regarding the retention
periods to adopt. For example, the General Medical Council has been consulting on proposed
changes to its retention periods. It currently retains some documents (including employment
contracts and pay history) for 100 years from the employees date of birth! An employer needs
to consider what would be a necessary retention period for them, depending on the type of
record. The advice in this factsheet is based on the time limits for potential tribunal or civil
claims, it is often a question of judgement rather than there being any definitive right and
wrong. Where the recommended retention period given is 6 years, this is based on the 6-year
time limit within which legal proceedings must be commenced as laid down under the
Limitation Act 1980. Thus, where documents may be relevant to a contractual claim, it is
recommended that these be retained for at least the corresponding 6-year limitation period.
Record Recommended retention period actuarial valuation reports permanently application
forms and interview notes (for unsuccessful candidates) 6 months to a year. (Because of the
time limits in the various discrimination Acts, minimum retention periods for records relating
to advertising of vacancies and job applications should be at least 6 months. A year may be
more advisable as the time limits for bringing claims can be extended. Successful job
applicants documents will be transferred to the personnel file in any event. assessments under
health and safety regulations and records of consultations permanently Record Recommended
retention period with safety representatives and committees Inland Revenue/HMRC
approvals permanently money purchase details 6 years after transfer or value taken parental
leave 5 years from birth/adoption of the child or 18 years if the child receives a disability
allowance pension scheme investment policies 12 years from the ending of any benefit
payable under the policy pensioners' records 12 years after benefit ceases personnel files and
training records (including disciplinary records and working time records) 6 years after
employment ceases redundancy details, calculations of payments, refunds, notification to the
Secretary of State 6 years from the date of redundancy senior executives' records (that is,
those on a senior management team or their equivalents) permanently for historical purposes
time cards 2 years after audit trade union agreements 10 years after ceasing to be effective
Record Recommended retention period trust deeds and rules permanently trustees' minute
books permanently works council minutes permanently The UKs independent authority set
up to uphold information rights in the public interest, promoting openness by public bodies
and data privacy for individuals. What security measures should I take to protect the personal
data I hold? Related items Practical guide to IT security (pdf) Guide to data protection:
information security Our approach to encryption Online and computing guidance Protect the
personal data you hold with our top tips on computer security, emails, faxes, staff training
and more. Computer security Install a firewall and virus-checking on your computers. Make
sure that your operating system is set up to receive automatic updates. Protect your computer
by downloading the latest patches or security updates, which should cover vulnerabilities.
Only allow your staff access to the information they need to do their job and dont let them
share passwords. Encrypt any personal information held electronically that would cause
damage or distress if it were lost or stolen. Take regular back-ups of the information on your
computer system and keep them in a separate place so that if you lose your computers, you
dont lose the information. Securely remove all personal information before disposing of old
computers (by using technology or destroying the hard disk). Consider installing an anti-
spyware tool. Spyware is the generic name given to programs that are designed to secretly
monitor your activities on your computer. Spyware can be unwittingly installed within other
file and program downloads, and their use is often malicious. They can capture passwords,
banking credentials and credit card details, then relay them back to fraudsters. Anti-spyware
helps to monitor and protect your computer from spyware threats, and it is often free to use
and update. Email security Consider whether the content of the email should be encrypted or
password protected. Your IT or security team should be able to assist you with encryption.
When you start to type in the name of the recipient, some email software will suggest similar
addresses you have used before. If you have previously emailed several people whose name
or address starts the same way - e.g. Dave - the auto-complete function may bring up several
Daves. Make sure you choose the right address before you click send. If you want to send an
email to a recipient without revealing their address to other recipients, make sure you use
blind carbon copy (bcc), not carbon copy (cc). When you use cc every recipient of the
message will be able to see the address it was sent to. Be careful when using a group email
address. Check who is in the group and make sure you really want to send your message to
everyone. If you send a sensitive email from a secure server to an insecure recipient, security
will be threatened. You may need to check that the recipients arrangements are secure enough
before sending your message. Fax security Consider whether sending the information by a
means other than fax is more appropriate, such as using a courier service or secure email.
Make sure you only send the information that is required. For example, if a solicitor asks you
to forward a statement, send only the statement specifically asked for, not all statements
available on the file. Make sure you double check the fax number you are using. It is best to
dial from a directory of previously verified numbers. Check that you are sending a fax to a
recipient with adequate security measures in place. For example, your fax should not be left
uncollected in an open plan office. If the fax is sensitive, ask the recipient to confirm that
they are at the fax machine, they are ready to receive the document, and there is sufficient
paper in the machine. Ring up or email to make sure the whole document has been received
safely. Use a cover sheet. This will let anyone know who the information is for and whether it
is confidential or sensitive, without them having to look at the contents. Other security
measures Shred all your confidential paper waste. Check the physical security of your
premises. Staff training and security Train your staff: so they know what is expected of them;
to be wary of people who may try to trick them into giving out personal details; so that they
can be prosecuted if they deliberately give out personal details without permission; to use a
strong password - these are long (at least seven characters) and have a combination of upper
and lower case letters, numbers and the special keyboard characters like the asterisk or
currency symbols; not to send offensive emails about other people, their private lives or
anything else that could bring your organisation into disrepute; not to believe emails that
appear to come from your bank that ask for your account, credit card details or your password
(a bank would never ask for this information in this way); not to open spam not even to
unsubscribe or ask for no more mailings. Tell them to delete the email and either get spam
filters on your computers or use an email provider that offers this service. The Data
Protection Act 1998 The Eight Protected Principles First Principle Personal data shall be
processed fairly and lawfully and, in particular, shall not be processed unless at least one of
the conditions in Schedule 2 is met; and in the case of sensitive personal data, at least one of
the conditions in Schedule 3 is also met. Processing means collecting, storing, retrieving or
organising data. The First Principle introduces the requirement that, in order to be fair and
lawful, personal data cannot be handled unless at least one of the conditions in Schedule 2 of
the DPA is met and, in the case of the processing of sensitive personal data at least one of the
conditions in Schedule 3 is also met. The first condition in Schedule 2 is that the data
controller has obtained your consent. However, consent is only one of the conditions and
processing or your personal data without your consent may be fair and lawful provided that
the data controller can show that one of the other conditions is met. For instance processing
will be fair and lawful if that the processing is necessary to fulfill a contract or to comply
with other legal obligations. Special conditions apply to the handling of sensitive personal
data, which is defined as information relating to race or ethnic origin, political opinions,
religious beliefs, physical/mental health, trade union membership, sexual life or criminal
activities. This type of information cannot be processed in most circumstances unless you
have given your explicit consent to the processing, or the processing is necessary for strictly
limited purposes (e.g. for the administration of justice). The conditions required to comply
with the First Data Protection Principle are set out more fully on the section Legitimate
Processing. Second Principle Personal data shall be obtained only for one or more specified
and lawful purposes, and shall not be further processed in any manner incompatible with that
purpose or those purposes. This means that the data controller must have a valid reason to
collect your personal data and must inform you what that reason is. Data collected for one
reason cannot be used for any other unrelated purpose. For example, if a company holds your
name and address for a particular purpose, it cannot give that information to a mail order
company without your permission. If a data controller wishes to use your data for an
unspecified purpose, they must obtain your express consent to do so. Third Principle Personal
data shall be adequate, relevant and not excessive in relation to the purpose or purposes for
which they are processed. In other words, only data really necessary for the purpose stated
should be collected. It is not acceptable for a data controller to hold information on the basis
that it might possibly be useful in the future without a view of how it will be used. If a data
controller fails to keep their information up to date, information that was originally adequate
may become inadequate. If they keep data for longer than necessary then the data may well
become irrelevant and excessive. In the case of Community Charge Registration Officer of
Runnymede BC v Data Protection Registrar, the Tribunal held that public bodies which had
the power to require people to provide personal information were under a particular duty to
ensure that the information they requested was always adequate, relevant and not excessive.
In many cases, data controllers will be able to remedy possible breaches of the Principle by
the erasing or adding to data so that the information is no longer excessive, inadequate, or
irrelevant. Fourth Principle Personal data shall be accurate and, where necessary, kept up to
date. The Fourth Principle means that obsolete and erroneous information must be removed
or updated. The DPA states that data are inaccurate if they are incorrect or misleading in any
matter of fact. Therefore opinions will not be covered by the Principle. The Principle will not
be breached if: - the data controller has taken reasonable steps to ensure the accuracy of the
data; or - they have recorded the data subjects view that the data are inaccurate. Regarding
the second part of the Principle, the purpose for which the data are held will be relevant to
whether updating is necessary. For example, if the data are intended to be used merely as an
historical record, updating would be inappropriate. However, where data are used to decide
whether to grant credit or some other benefit it is important that the information is current.
You may be entitled to compensation if you suffer loss or harm due to inaccuracies in your
personal records. This is discussed under Rights and Remedies. Fifth Principle Personal data
processed for any purpose or purposes shall not be kept for longer than is necessary for that
purpose or those purposes. To comply with this Principle, data controllers need to review
their personal data regularly and delete information which is no longer required for their
purposes. In the 2005 case of The Chief Constables of West Yorkshire, South Yorkshire and
North Wales Police v Information Commissioner, the Information Tribunal held that the
retention of records of criminal convictions in line with guidance by the Association of Chief
Police Officers did not breach the Fifth Principle provided the records were retained for
policing purposes. However, the records should be stepped down after a certain period of
time and should not be disclosed to other parties for use in employment vetting. This decision
was reinforced by the 2008 decision of the Tribunal in The Chief Constables of Humberside,
Staffordshire, Northumbria, West Midlands and Greater Manchester Police v Information
Commissioner. There the Tribunal found that that the Chief Constables should not retain
conviction data on the Police National Computer for if no longer required for their core
purposes. Certain statutes set time limits for the retention of data for example the Police and
Criminal Evidence Act 1984 and the Companies Act 1985. Recommendations as to the
retention of data can also be found in Codes of Practice, for example the CCTV Code of
Practice published by the Information Commissioner. Sixth Principle Personal data shall be
processed in accordance with the rights of data subjects under this Act. This means that the
data controller must comply with the provisions set out in the DPA as to individuals rights,
such as the right to subject access and the right to have inaccurate information corrected.
Further information on this is contained in the Rights and Remedies section. Seventh
Principle Appropriate technical and organisational measures shall be taken against
unauthorised or unlawful processing of personal data and against accidental loss or
destruction of, or damage to, personal data. This Principle requires the data controller to take
appropriate steps to ensure security, bearing in mind what is reasonable in the circumstances
in relation to the nature of the information held; the harm that may be caused to individuals if
the security of the information was breached; the cost of implementing security measures;
and the current state of technological development. Data controllers also need to be aware of
the Financial Service Authoritys Principles for Business, which require firms to take
reasonable care to organise and control their affairs responsibly and effectively. In 2006, the
FSA fined Nationwide 980,000 in respect of a stolen laptop which could have been used to
further financial crime. Eighth Principle Personal data shall not be transferred to a country or
territory outside the European Economic Area, unless that country or territory ensures an
adequate level of protection of the rights and freedoms of data subjects in relation to the
processing of personal data. The European Economic Area (The EEA) consists of the fifteen
EU Member States together with Iceland, Liechtenstein and Norway. Personal data may
move freely between these states. The Eighth Principle requires that in order for data to be
transferred outside this area, the country to which the data is to be transferred must provide
an adequate level of protection. This will depend on various factors, including the law in
force in the country or territory in question, the international obligations of that country or
territory and the nature of the data to be transferred. The Safe Harbor Privacy Principles
agreed between the European Commission and the US in 2000 mean that personal
information may be transferred to the US where the company involved has fulfilled specific
conditions. Schedule 4 of the DPA provides for circumstances in which the Eighth Principle
does not apply to a transfer. These include where the data subject has given their consent to
the transfer; where the transfer is necessary for the completion of a contract; for reasons of
substantial public interest or for legal proceedings.

https://vdocuments.site/3rai-assignment.html