| Company obliged to furnish accident report form, says Data Protection Commissioner |
|
A company was obliged by the Data Protection
Commissioner to furnish an accident report form to an employee, who was
taking proceedings against the company because of an accident at work.
Details of the case are disclosed in the Annual Report of the Data Protection Commissioner 2008,
which was published recently. The case - and another regarding the
safeguarding of medical certificates and the Code of Practice for the
insurance industry published in August 2008 (see HSR, September 2008, pg1 & 7)
- highlight the need for health and safety advisors to be aware of the
impact of data protection legislation on health and safety practice. The Code of Practice for the insurance industry was published by the Data Protection Commissioner, despite insurance industry reservations. The Commissioner notes in the annual report that it was not “possible for the IIF to agree all the terms of the Code on behalf of its members”. Notwithstanding these reservations, the Commissioner reports that he is encouraged by the regular queries his office receives from insurance companies. He believes the Code is being implemented. ACCIDENT REPORT FORM The Commissioner reports that he received a complaint from a data subject (a person on whom information is held) who had been involved in an accident at work. The subject had made an access request under the Data Protection Acts to their employer for a copy of all information held about them, including the accident report form. The employer did not respond within the forty-day time frame set out in the Act and the data subject asked the Data Protection Commissioner to intervene. The Commissioner contacted the employer, who advised that it had passed the request onto its insurers, who were dealing with legal proceedings arising from the accident. The Commissioner pointed out that the obligation to provide the information rested with the employer. The employer then provided some documents, but not the accident report form. The Commissioner again contacted the employer, who claimed that the accident report form was exempt from disclosure due to legal privilege. The employer argued that the accident report form was a document over which privilege could be maintained in proceedings in court in relation to communications between a client and professional legal advisers. The Commissioner rejected this argument because, the report states, “the accident report was prepared on foot of the legal requirement for an accident report to be created if a workplace injury results in at least three days absence from work”, as required by the General Application Regulations 1993 (reg 59). (HSR note: the Commissioner should in his report have stated “more than three consecutive days”). The Commissioner also rejected a claim that as the accident report form was completed with the assistance of the employer’s legal advisor, it could be withheld on the basis of legal privilege. The outcome of the Data Protection Commissioner’s intervention is that a copy of the accident report form was provided to the data subject, who was an employee pursuing a personal injuries claim against his/her employer. SAFEGUARDING MEDICAL CERTIFICATES An employer, which was found by the Data Protection Commissioner not to have adhered to its own data protection security measures, ended up making a donation to a charity chosen by a data subject, who lodged a complaint that a medical certificate relating to her had been accessed in an unauthorised manner. The data subject said it had been brought to her attention that a medical certificate relating to her was displayed on a noticeboard in the office of a manager, which office was shared with others from a different employer organisation. The data subject’s employer investigated the complaint and responded that the certificate was placed behind other documents and could only have been seen by somebody who deliberately sought to see it. The employer told the Commissioner that it took its obligations under the Data Protection Acts seriously and that such data is held in locked cabinets, unless required by another department in the business. It also told the Commissioner that it had reminded its managers of their duties in relation to confidential data. The Commissioner found that the medical certificate had been placed on a noticeboard in an unlocked office and that the unit manager involved had not adhered to the employer’s data security policies. |
Safety Divisions
| Design and Construction |
| Environmental |
| Occupational |
| Training |
Careers
We have built up a consideration reputation and trust
amongest our clients over the years with the quality and nature of the
service that we provide. This services includes the placement of
environmental and occupational health and safety advisors onsite with our
clients for fixed contracts.
Safety Software
Safecon Placements
