Employee Data Protection

An accountant holds data on behalf of a client. Those data include references to that client's employees (who would be Data Subjects under the Data Protection Act).

How effectively can Client Confidentiality be pleaded by the accountant as a counter to requests for personal data (tax, pay, discussions affecting the employees etc.) when the client refuses to give a copy of personnel records to its employees?
  • Under the Data Protection Act your client is the Data Controller, as they collect and manage the information.  You are merely an outsourced service provider, and as such are a Data Processor.

    The ultimate responsibility for the data lies with the client (as the Data Controller).  Therefore it is their decision whether to allow access to the data to individuals.  Your role as a Data Processor is to follow the instructions from the Data Controller.

    Of course you may have an agreement with the client to allow you to speak directly with employees, and if that is the case it should be covered by your engagement letter.

  • Jon,

    Thank you for that reply.

    Could I as Data Processor become a Data Controller under the act by originating data, publishing data or originating communication about the Data Subject(s) if it is a) accurate, b) inaccurate?
  • Frank,

    The definition of a Data Controller according to the ICO is:
    "Data controller means … a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed."

    You may also want to see the other definitions from the ICO here: http://www.ico.org.uk/for_organisations/data_protection/the_guide/key_definitions

    From your original post - you are not the Data Controller for this data therefore you have no right to decide whether you pass information on to the employees.  Whether it is accurate or not is irrelevant.

    You may also be a Data Controller for other information you hold.  The above link gives some useful examples.