Security of personal data

Commentary
which can lead to both physical illness and psychological distress. It should, therefore,
be limited to cases in which the surveillance is necessary in order to deal with specific
problems related to health and safety or to the protection of property. As to secret
monitoring, it is accepted as long as it is foreseen by specific provisions of national law.
It might also be unavoidable in connection with investigations concerning criminal
activities or other serious wrongdoings. But the code stresses that the mere suspicion of
such an activity or wrongdoing is not sufficient. Only if, and to the extent that,
reasonable grounds exist for suspecting such activities or wrongdoings may the
employer resort to secret monitoring. An example of serious wrongdoing is sexual
harassment, which might not be defined as a criminal offence.

7. Security of personal data

(7.1) The code, as other regulations concerning the processing of personal data, asks
for specific organizational and technical measures to ensure that access to personal data
can be efficiently restricted and protected against loss and that the data can be
safeguarded against any unauthorized use, modification or disclosure. Examples of
measures to be taken are found in various guidelines and manuals on data security. The
code, however, also stresses that there is no abstract general rule on the measures to be
taken. They depend on the particular processing circumstances. Employers should adapt
their approach to the specific conditions under which personal data are processed.

8. Storage of personal data

(8.1) Only personal data gathered in conformity with the principles in this code
should be stored. Specific rules are nevertheless necessary.
(8.2) Medical data should, as is already done in most countries, be kept separately
from all other information related to workers (see box 4). Their storage should be
handled exclusively by specialized personnel bound by the rules of medical secrecy. To
eliminate possible misunderstanding, section 6.7 clarifies that the reference to medical
data applies only to those data which have been collected by persons acting under
medical confidentiality.
While the code does not prohibit computerizing certain particularly sensitive data,
such as medical and psychological data, problems can arise if the entire record is not
included. Special attention, therefore, must be paid to the computerized storage of
personal data which presents several dangers: the record on computer may be
incomplete, the use of key words to characterize data may be misleading, selected data
may be transferred from one file to another, and access to the data may not be as easily
controlled as with manual files. These risks can only be avoided if computerized storage
is not limited to the data but comprises the entire context in which they are mentioned
(also see box 5).
