Welcome Guest! The IOSH forums are a free resource to both members and non-members. Login or register to use them

Postings made by forum users are personal opinions. IOSH is not responsible for the content or accuracy of any of the information contained in forum postings. Please carefully consider any advice you receive.

Notification

Icon
Error
Data protection
Options
Go to last post Go to first unread
Previous Topic Next Topic
Admin  
#1 Posted : 01 February 2004 17:12:00(UTC)
Rank: Guest
Admin
Posted By Clark
We are the principal contractor on a CDM job.

Contractor has a reportable incident while on our site. None of our employees witnessed the incident.

Contractor carries out own investigation.

We ask for a copy of the report, or even just some details and remedial action taken to prevent recurrence. (CDM reg19)

This request is denied due to Data Protection Act.(DPA)

The question is, is this really the purpose of the DPA?, is the contractor correct?, as principal contractor are we not entitled to this information? I am not worried if the persons details are left of the report.
Back to top
Admin  
#2 Posted : 01 February 2004 17:30:00(UTC)
Rank: Guest
Admin
Posted By Robin V Boughton
You are entitled to the information. My understanding of the Data Protection Act is that it only relates to information electronically held on individuals, and if you hold such information then you must be registered under the Act.
Unfortunately the DPA is often being misused. What have they got to hide??
Back to top
Admin  
#3 Posted : 02 February 2004 09:16:00(UTC)
Rank: Guest
Admin
Posted By Kelvin George
Hi

DPA is to protect individuals. ie you are not allowed to know the name. However you are allowed to know what happened.

eg. A "job title" was perform task X and event Y happened resulting in accident Z.

Hope it helps

Cheers Kelvin
Back to top
Admin  
#4 Posted : 02 February 2004 09:30:00(UTC)
Rank: Guest
Admin
Posted By Allan St.John Holt
I may be able to shed some new light on this, following a meeting with the HSE to try and resolve an apparent conflict between information for safety reps and the Data Protection Act. It turns out that the DPA has nothing to do with this. Information such as accident reports only becomes data when it is ordered and stored - at which point the act and its provisions apply. The problem is really one of confidentiality, which is a human right.

The individual must consent to having information about them released, and if that consent is withheld then releasing it breaches the person's rights to confidentiality - NOT the DPA. The solution is for the employer to take appropriate steps to obtain consent to disclosure.

There is an interesting rider to all this, which is 'implied consent'. If the information in question is already in the public arena, then the individual is deemed to consent to its wider publication. Therefore, if the injury happens in a workplace in circumstances where everyone knows what happened, then the individual cannot demand that the information is kept private.

Of course, all of this has no effect where is a duty to notify the statutory authorities - i.e. under RIDDOR. I understand that the new printing this month of BI510, the Accident Book, will explain all of this for us.

Hope this helps,

Allan
Back to top
Admin  
#5 Posted : 02 February 2004 09:58:00(UTC)
Rank: Guest
Admin
Posted By Martyn Hendrie
I agree with comments regarding disclosure of the individual person(s) details. However, I also believe that the CDM regulations require the contractor to give you basic information on what happened, to allow you to ensure that others on site are not/ have not been put at risk.

Also, as PC you are entitled to know of any revision to the risk assessments and SSOW (Method Statements) resulting from the enquiry/ investigation.

I also see no reason why you cannot carry out your own investigation and speak directly to any witnesses.
Back to top
Admin  
#6 Posted : 03 February 2004 05:44:00(UTC)
Rank: Guest
Admin
Posted By John Murgatroyd
If the information can identify an individual then the dpa applies.
The data can be held in electronic or paper form.
For more info go to:
http://www.informationco....aspx?id=1038&expmovie=1

Of course, if you put pressure on them to release the info and they were wrong to so do, then BOTH of you are liable to prosecution.
Oh, and the HSE have little idea of the dpa..they have been slated by the info commissioner (when it was the data protection mob) (name change, bigger salaries et-al) in the past. In fact, they also have little knowledge of the HASAWA.
Back to top
Admin  
#7 Posted : 03 February 2004 09:24:00(UTC)
Rank: Guest
Admin
Posted By Ken Taylor
As being in control of the workplace, you must be entitled to relevant information from this incident (eg Reg 11 of MHSAW Regs?). For this sort of reason, we, as clients, require notification of reportable incidents under RIDDOR as part of our documentation to the PC.
Back to top
Admin  
#8 Posted : 04 February 2004 09:41:00(UTC)
Rank: Guest
Admin
Posted By Clark
Thank you all for your responses, they helped a lot.
Back to top
Users browsing this topic
Guest
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Powered by YAF.NET | YAF.NET © 2003-2024, Yet Another Forum.NET