Data Protection Principle 1 - Fair and lawful processing

Processing of personal data is "fair" if

• the person providing the data clearly understood how it was to be processed, or
• the person providing it is required by law to provide it, or
• the data subject providing the data was given "fair processing information", including information about the identity of the data controller and the purpose for which the data is to be processed, or
• the data subject was not the source of the data but was given "fair processing information".

If employees do not know that the employer is processing certain data about them, such processing is not "fair". Employers should ensure that full information is provided about the data that is held and the purposes to which it is put. Those purposes must be defined in the data controller's register entry but should generally be explained to the employee at the time the data is collected, e.g. on a job application form or an induction form. The payroll department could assist by providing a payroll information document for induction use.

Processing of personal data is "lawful" if a number of specified "Schedule 2" conditions are met. Those that serve to authorise payroll processing are that the processing is necessary

• for the performance of a contract to which the data subject is a party
• for compliance with any legal obligation to which the data controller is subject.

However, some processing requires that further conditions be met. Some personal data is defined in the DPA as "sensitive", i.e. it is potentially open to abuse to the detriment of the data subject. Of the eight types of "sensitive" data, the ones that are relevant to payroll are

• membership of a trade union, i.e. for check-off purposes
• physical or mental health or condition, i.e. sickness absence records, SSP records
• details of the proceedings for any offence and their outcome, i.e. deducting court orders.

The relevant additional "Schedule 3" conditions that must be met for the processing of "sensitive" data to be lawful are:

• the data subject has given explicit consent to the processing (i.e. in writing, in advance)
• the processing is necessary for the purposes of exercising or performing any right or obligation which is conferred or imposed by law on the data controller in connection with employment.

In the case of trade union membership, the employee has given signed authorisation for the deduction on the check-off agreement. In the case of offences, the processing of court orders is a statutory obligation for the employer.

The processing of sickness records, however, is a problem area; unless employees individually give their signed consent to the processing - and that is not normally practical - there is no defined condition that allows the processing of sickness records other than those SSP records that the employer must maintain by law. However, there is no issue at present as long as the sickness records are not used for a purpose other than that for which the data was collected. For example, if sickness records collected for the purpose of sickness payments were used subsequently for disciplinary purposes, that would be unlawful.

A key objective of absence records is to identify the reason for each absence and it would not be practical to keep reasons for some absences and not others. The Information Commissioner's guidance, for computerised records, is to separate sickness records from absence records logically rather than physically, perhaps using additional password protection. That cannot be done with paper records and this creates a problem for employers that the Commissioner accepts may only be resolved by a change in the legislation.

The processing of personal data would also be unlawful if it involved the disclosure of personal data outside of the disclosures defined in the data controller's register entry. Examples in the payroll context would be:

• giving bulk employee details to a local authority to assist in detecting benefit fraud
• giving employees the home telephone number of the payroll manager in case they need help with payroll queries out of hours.

The DPA directs that personal data should not be disclosed to other organisations for the prevention or detection of fraud unless

• there is a statutory requirement for the disclosure to be made, or
• the data controller believes that failure to disclose, in a particular instance, is likely prejudice the prevention or detection of crime, or
• the disclosure is provided for in workers' contracts of employment.

Payroll staff are vulnerable to pressure from managers and outside agencies to disclose information about employees. They need to understand the data protection issues, but they also need training in how to respond to urgent telephone calls and demanding managers or directors when disclosure would be unlawful. There should be an internal disclosure policy. Giving information over the telephone is not unlawful, as long as there is no doubt about the identity of the recipient. It is sensible to return phone calls, after confirming the identity of the enquirer. Sending information by e-mail is a potential problem if there is no certainty that only the named recipient will read it. Cheque requisitions sent to the accounts office for a court order should not have any supporting documentation that could identify the employee concerned. Can payroll staff readily identify other potential breaches?