Data Protection: Legal Compliance and Good Practice for Employers (2nd Edition)

Protocols concerning legal issues continue to increase in importance within all types of business and protocols relating to data protection provide no exception. The data protection protocols which are often implemented by human resource departments provide an opportunity for the organisation to guide individuals through activities that can have harmful legal ramifications if these activities are executed incorrectly. Accurate drafting of protocols is problematic in itself, as often a range of scenarios have to be considered and subsequently factored into the process of writing and updating. Adding in the dynamic area of data protection with its raft of legally mandated duties can provide significant problems. These problems are tackled within this book.

The book moves from the general principles of the legislation to the specifics of application very well. I personally would have liked to see further use of practical examples in certain elements of the more complicated areas of the legislation; however, for those working within the human resources field this is not likely to be a substantial issue. It is reassuring that the index reads like a checklist of the key elements within the organisational data protection field: An overview, the general principles, notification, the Data Protection Act, recruitment and selection, employee records, health, equal opportunities, monitoring and finally freedom of information. Each section of the book provides a practical take on the issues and produces up to date insight phrased in an understandable way. The one comment I will make concerns the conclusion, which begins as follows:

HR [Human Resource] managers may believe data protection issues are impossibly complicated. Whilst it is true that very detailed guidance[… ]needs to be considered and followed, in practice most of the rules amount to little more than commonsense. (p. 205)

I agree with the statement on a very general level; however a reader who works in but may not be fully aware of the full implications of the area will have read through a book dealing with complicated legal issues. It may be slightly disheartening for that reader to be confronted with a “it is all common sense” passage at the end of the book.

This book will provide best value for those running or working within human resource departments within the public and private sectors and will also be of use to managers of small firms who do not yet have the scale to run full human resource departments. However, the audience is unlikely to widen beyond individuals working within or providing services to the human resources field.

For those new to the area, the book presents a frightening array of pitfalls that will lead to various types of liability. For those within the sector it clarifies many of the issues and may introduce ideas that will aid in the improvement of protocols related to the legal compliance with the data protection legislation. Lynda Macdonald has written a book that endeavours and subsequently succeeds in outlining the significant and often overlooked risks involved for those organisations dealing with information. This book is likely to be of significant value for those working within the human resources field.