Welcome to Adare Human Resource Managements March 2016 edition of our HR and Employment Law Newsletter
In Conjunction with Shannon Chamber of Commerce
Topic – Data Protection – Key Learnings for Organisations
During the course of the Employee lifecycle, many Organisations gather an array of sensitive and personal information from their Employees. Organisations must be aware of the importance of Data Protection area and in this month’s newsletter we consider Data Protection, its implications and its impact for Organisations.
Data Protection is governed by the Data Protection Acts 1988-2003 – this piece of legislation establishes the requirements in relation to the holding, the use and the disclosure of personal data.
Data Access Requests
Current and former Employees, have a right of access to their personal data under Section 4 of the Data Protection Acts 1988-2003 (the “Data Protection Acts”). Employees can make a request to their Employer in writing and the Employer is required to issue this information within 40 days.
It is important for Organisations to be aware that the right of access goes far beyond an Employee’s personnel file and covers all information from which the requesting individual might be identified which the Organisation keeps either on a computer or manually. Therefore a wide variety of documents can fall within a data access request including emails, handwritten notes, medical reports, accident reports, CCTV, photographs and even complaints against the requesting party.
Dealing with access requests can be a challenge for an Organisation and over the last number of years Employees have increasingly availed of their access rights under the Data Protection Acts particularly when employment issues arise.
It is important to note that an Employee is not entitled to documents requested if they are not personally identified from those documents, such as policies and procedures.
In relation to Opinions given in confidence, Section 4(4A) of the Acts provides that the expression of an opinion about the data subject given by another person does not need to be disclosed if that opinion was given in confidence, or on the understanding that it would be treated as confidential. The scope of this exemption has been very narrowly applied by the Data Protection Commissioner and it will generally only apply in cases where the opinion would not have been given but for the understanding that it was to be treated as confidential. The mere fact that a document is marked confidential is insufficient to rely on this exemption.
Specific exemptions apply and Section 5 of the Data Protection Acts contains a number of exemptions to the obligation to provide personal data. The most common exemption which arises is in respect of information that is legally privileged, for example communications between an Employer and their solicitor. If a medical report was specifically obtained for the purpose of defending litigation proceedings, this will be exempt. However, Employers who carry out medicals as part of either a pre-employment recruitment or in cases where Employees are sent to an occupational health practitioner and Employers are in possession of medical data, this will generally have to be provided.
The obligation to comply with an access request does not apply where it is impossible for the data controller to provide the data or where it involves a disproportionate effort.
Organisational Data protection may also be concerned with the monitoring of both email and internet usage of Employees. Any such data of this type could certainly amount to personal or sensitive data. In order for Organisations to negate any future claims of this type, it is vitally important to have an IT usage policy in place outlining how any personal or confidential Employee data is treated. The Organisation should ensure they adhere to the Data Protection principles outlined by the Data Protection Commissioner:
1. All data must be fairly obtained
2. Retention of any such data, is for a specified purpose
3. Data is processed in a compatible manner for which it was collected
4. All information is held securely
5. All information is kept up to date
6. All information is adequate, and not excessive
7. Data should only be held for as long as it is required to fulfil the specified purpose
8. Access should be provided to Employees on any personal data held, relating to them
A workplace policy should be in place in an open and transparent manner to provide that:
A balance is required between the legitimate rights of Employers and the personal privacy rights of Employees
Any monitoring activity should be transparent to Employees
Employers should consider whether they would obtain the same results with traditional measures of supervision
Monitoring should be fair and proportionate with prevention being more important than detection
New guidelines in relation to CCTV
Recently the Data protection Commissioner issued new guidelines in relation to CCTV use in the workplace. CCTV is an area of Data Protection which is becoming increasing more common within Irish Workplaces. These new guidelines include a requirement for a written CCTV policy to be put in place, also Employers are required to justify their use of CCTV in the workplace. The following steps have been outlined by the Data protection Commissioner:
• Conduct, review and evaluate a risk assessment process
• Complete and review a privacy impact assessment
• Develop a data protection policy exclusively for dealing with CCTV
• Demonstrate previous incidents that justify the need for CCTV in the Workplace
Also Employers should note that where CCTV is used in disciplinary issues, Organisations should allow Employee the opportunity to review any evidence against them, in advance of a disciplinary meeting.
The issue of Data Protection in Irish workplaces in becoming increasingly more common and it is important that Organisations fully understand their responsibilities under the Acts.
The Organisation of Working Time – Case Law
Recently we have seen a number of interesting cases relating to the Organisation of Working Time Act. This area of legislation is heavily regulated in terms of an Employees working patterns – which can relate to breaks, hours worked and annual leave entitlements. In this month’s newsletter the team at Adare Human Resource Management examine three interesting cases and their key learnings for Employers:
DWT15139 – TESCO v TEISUTIS KAZILAS
Tesco Employee not provided with daily rest periods
In this case the Complainant stated that he did not receive a daily rest period as provided for in section 12 of the Act. He commenced employment with Tesco Ireland Ltd (the Company) as a night retail security officer on 21 March 2005.
The Complainant in evidence told the Court that the night shift was staffed by one or two duty managers. When two managers were on duty he received his breaks. However, when only one manager was on duty he was regularly called back from his break to assist with various duties and did not receive the statutory breaks set out in section 12 of the Act. He was required to clock out for his break and to clock back in at the end of the break. When called back from his break he clocked back in to work. However when the task for which he had been called back was completed he could not clock out again as the system did not permit him to do so. He stated that it was a regular occurrence for
him not to get the statutory break on those nights. He further stated that he was not allowed leave the premises during his break and remained constantly on-call.
The Respondent called three managers to give evidence. Two of them were not present in the store during the relevant statutory reference period and as a consequence were not in a position to give any relevant evidence to the Court. The Court adjourned to allow the relevant manager give evidence. He stated that he had a good working relationship with the Complainant. He acknowledged that the Complainant was occasionally called back from his break when the need arose. He disputed the frequency stating that he estimated that it occurred at the rate of one night per week. He told the Court that he did not check whether the Complainant received the statutory break to which he was entitled. He said he assumed that he had resumed his break and completed it. He stated that the Complainant had never raised the matter with him. As a consequence he said he did not give the resumed breaks any consideration.
The Court found that the Complainant’s and the Manager’s evidence was broadly consistent. The Manager did not intervene in the Complainant’s management of his breaks. He noted that the Complainant had not brought any difficulties to his attention. Had he done so he would have addressed them and enable the Complainant resume and complete his lawful breaks. In the circumstances the court accepts the Complainant’s evidence and found that the complaint is well founded and ordered the Respondent to pay the Complainant compensation in the amount of €1,500 euro.
DWT15122 – CLONTARF CASTLE LIMITED v SYLWIA MATIJUK
Employee “not in a position to take breaks”
The second case we examine is also concerned with daily rest periods. The Claimant in this case contended that she was not always in a position to avail of breaks at work.
The Claimant confirmed that she was aware from the Company Handbook of her entitlement to breaks and was aware that she was required to notify the Respondent within one week of any occasion when she did not receive the required break(s). She also confirmed that she decided on occasion not take her breaks in order that she might finish earlier on the day. She stated to the Court that while she signed in each day there was no requirement for her to notify her supervisor of the conclusion of her working day or to make or sign any record of her time of conclusion.
The Respondent contended that a record was kept by the Claimant’s supervisor of the Claimant’s starting and finishing time each day. The Respondent stated that those records were compiled on the basis of the Claimant’s interactions with the Supervisor at start and finishing times each day. The Respondent stated that under the Act it was exempt from having to keep records of rest breaks.
In issuing its conclusion the Court found that the Respondent had not put before the Court clear evidence that the Claimant availed of her breaks during her employment.
The Court found that the Respondent had not provided the Court with appropriate records of the Claimant’s breaks. The Court therefore concluded that on an unspecified number of occasions the Claimant did not avail of her entitlement to breaks. The Court, consequent on its findings as set out determines that the Respondent should pay a sum of €500.00 to the Claimant in compensation.
DWT1589 – KEPAK ATHLEAGUE v ARTHUR ZASKALASKI
Complainant not provided with notification of overtime
The final case we examine is concerned with the provision of overtime. The Complainant worked in the Lamb Boning Hall of the Respondent, a food processing Company. He was employed by the Respondent from 29th September 2009 to 9th October 2013.
The Complainant submitted that the Respondent was in breach of Section 17 of the Act as he was not provided with appropriate notification of the requirement to work overtime. The Complainant worked overtime on four occasions within the cognisable period. He stated that the Respondent was in breach of the Act as no start and finish times were included in the contract of employment and he contended that a notice stating that there will be a coffee break at 4.30pm was not sufficient to indicate a finishing time.
The Respondent stated that Employee’s contract provides for overtime as part of the terms and conditions of employment. During the course of his employment the Complainant carried out reasonable overtime without issue and did so until a Piece Rate Agreement was introduced in November 2011, in agreement with the employee forum. The Respondent stated that production in the factory is subject to the cyclical nature of the industry and it is well known and accepted that there are peaks and troughs in production activity. In addition orders can arrive at the last minute which could not reasonably be foreseen. The Piece Rate system was introduced in order to improve competitiveness and efficiency in a very difficult economic climate.
It was stated that each Monday morning a roster was placed on the planning notice board for that week located in the hall for all Employees to see which sets out, to the best of the Respondent’s ability, the requirement for overtime for that week which would be scheduled for late afternoon on Tuesday or Thursday thereby giving employees in excess of 24 hours’ notice. The requirement to work overtime is indicated by the following “coffee break- 4.15 pm” on the relevant days which signifies that rather than finishing at 4.30/4.45 pm, overtime would continue until 6.00/6.30pm.
In issuing its conclusion the Court found that by requiring the Complainant to work a reasonable amount of overtime and not to leave the workplace without being granted permission, that the Respondent was not seeking the Complainant to co-operate in breaching the Act. The Court noted that no issue was raised by the Complainant with the Respondent concerning the non-provision of the statutory notice of additional hours, rather the Complainant was seeking to set a pattern of work he was prepared to do in
order to suit his personal requirements. The Respondent indicated that it was not possible to facilitate him and accordingly his request was not feasible due to the nature if the business. For this reason the Court found that the Complainant’s complaints alleging a contravention of Section 17 is well founded and awarded the Complainant compensation of €1,000.
All Employers should note that all Employees, except a few exemptions, are entitled to
rest breaks of 15 minutes where upto 4.5 hours have been worked and 30 minutes where upto 6 hours have been worked, which may include the first break;
a minimum daily rest period of 11 hours consecutive rest per 24 hour period;
at least one period of 24 hours consecutive rest in any 7 day period;
this should be preceded by a daily rest period of 11 hours, thereby allowing one uninterrupted 35 hour rest period per week.
Differing conditions relating to night workers and Employees under the age of 18 apply.
Organisations should also pay close attention to record keeping and all records should be retained in a clear format. Where an Organisation has a clock-in system this will suffice for the retention of records, although in the past we have seen that a number of the previous NERA inspectors required timesheets / records of working hours to be signed by Employee. Where this system is not in operation, then a form designed by the Department of Enterprise, Trade and Employment (OWT1) may be used, or any other similar form which contains the same information.
For further information on The Organisation of Working Time Act please contact the Adare Human Resource Management team on 01 561 3594 or email@example.com
HR Helpdesk – IT & Social Media Policies – The Essentials for Organisations
As social media and technology becomes more common in Irish workplaces, monitoring their application can prove exceptionally difficult for Employers. It is certainly without doubt that social media and technology has strengthened communications between the consumer and the business, as well as internally within the Organisation itself, allowing for much stronger communications. However, with such an array of technological and social media outlets it can be difficult for Employers to comprehensively and completely monitor – and of course the question arises as to what is most appropriate to monitor. In this month’s HR Helpdesk Adare Human Resource Management discuss the requirements for a robust policy and how this can help negate future claims.
It is hugely important that all Organisations be fully aware and ensure they have a policy related to the usage of both social media, and technology in place. Over the past number of years we have seen many cases where the line between the Employees personal lives and work life has become blurred as a result of their actions online.
This is especially noteworthy when one considers the case of the dismissal (that was upheld as being fair) of an Employee (Teggart V Tele Tech UK Ltd) after posting inappropriate comments about a female colleague on his own personal social media account and on his own time, and also the fair dismissal case of an Employee using an inappropriate name for her manager on her personal Facebook account (Aoife O’Mahoney v PJF Insurances). These cases highlight the need for the Employer to clearly set out their policies in relation to social media and technology in the workplace. Where the Employer provides technology to Employees for the purpose of carrying out their role, polices are especially needed. This has recently become a much more prevalent subject following a case by the European Court of Human Rights.
The Court ruled that the Employer in this case had the right to monitor the personal messages of the Employee, which eventually contributed substantially to his dismissal. In line with this careful consideration should be provided to the evaluation and review of current policies in the Organisation and how they can be improved in line with technological advancements. The Organisation should pay attention to including clauses in relation to the downloading of software – only for work-related purposes, as well as clauses noting that applications and online tools should not be downloaded without prior approval of a senior member of management. The Organisation should also ensure they define clearly what they consider constitutes misuse of technology and/or social media, and perhaps more importantly their definition of misconduct and gross misconduct. In line with these definitions, the Organisation must also clearly set out the likely course of action which will occur should the actions of an Employee deemed to be misconduct or gross misconduct. The social media and technology policy should always be linked to the disciplinary policy, to ensure that where there is breach or concern that this may be dealt with accordingly.
The team at Adare Human Resource Management have outlined some key sections which are essential as part of a Social Media and Internet Usage Policy: Firstly, the Organisation must define exactly which systems/technology are being monitored The Organisation must define that only appropriate material should be accessed using such systems/technology In terms of social media and email – Organisations should clearly state that anything said on either platform may be binding on the Organisation and hence to take particular caution Organisations should also ensure that clear guidelines exist when using their company social media accounts – including the respect of the audience and what is suitable to post Use of an Organisations trademark and logo must have approval from the Organisation.
The use of technology and social media in the workplace always has the potential for a data breach. Where an Employee can access potentially sensitive material, whilst using the Organisation systems at work can indeed have detrimental consequences for the Organisation. So too where a particular device could be lost or stolen, with significant confidential information potentially being misused. Any breach of this type may be brought before the Data Protection Commissioner which may cause the Organisation to be brought into disrepute; and internal or external communications potentially available in the public domain. As social media and technology continues to grow in the workplace, Employers should ensure they develop and adapt their current and future polies to reflect this ever changing area of legislation. Ensuring your Organisations policies and procedures are sufficient in dealing with any future claims which may arise.
For further information on Social media and Technology Policies please do not hesitate to contact the Adare Human Resource Management team on (01) 561 3594 or firstname.lastname@example.org.