· Features
Data protection

Data protection in the dumps: a lesson to be learned from Oliver Letwin

From leaving Government laptops on trains to sensitive CDs in taxis, the dumping of work-related documents in a park bin by Cabinet minister Oliver Letwin marks the latest in a long line of political gaffes relating to the security of personal information.

Although Letwin's spokesman stated that the documents he dumped did not contain any sensitive material, they contained the personal details of constituents and fellow MPs. The news of Letwin's indiscretions should set alarm bells ringing for employers, raising as it does a number of issues surrounding the storage, and disposal, of sensitive information.

The Data Protection Act 1998 sets out eight principles on how 'personal data' should be handled, including safeguarding against unauthorised use, accidental loss or destruction. Failure to dispose of information securely is a clear breach of the data protection principles, and could lead to an investigation by the Information Commissioner, a fine of up to £500,000, or even a claim for damages from affected individuals.

Secure disposal of all work-related data should be rigorously controlled by employers, including arrangements for the storage of data by employees who take work home with them. Specifically, the disposal of documents should not take place outside company premises, and must be returned to the workplace to be disposed of within a controlled environment.

The implementation of a policy which addresses such issues would clearly be in the best interests of employers, not only because failure to do so breaches the requirements of the legislation, but also because taking proper responsibility for handling documents helps maintain customer and client confidence. It may be the case that your business has clear procedures in place for storing and disposing of information at work, but that you trust your employees to use common sense when dealing with documentation and information from home. This isn't enough. As an employer, a dual approach is required in order to secure the safe transportation and storage of information by your employees, both at work and elsewhere. Without such an approach, legal action and damage to your business could ensue - not to mention an embarrassing article in the press.

Employers are best advised to examine their current policies, assess their level of compliance, and then identify how to close any gaps.

Lorraine Teague (pictured) is an employment law partner at Shakespeares