- Staff should be provided with an outline of the Act. We suggest that the
  subject is covered as a paragraph in the staff handbook.
  They should also be informed of the types of data that are held about
  them. Where sensitive data is to be held, their explicit consent should
  be obtained.
- A clause should be added to the staff handbook which makes it clear
  what information is held and why it is being held. Pension Fund
  Managers/trustees and medical insurance companies may also need to hold
  information; this should be part of the communication to staff.
- If company products are to be marketed to staff, this needs to be made clear
  in that communication (as does the opportunity to opt out).
- If necessary, explicit permission must be obtained to hold or communicate
  sensitive data (but the employee should not be put under pressure to give
  this permission). The main area here arises from sickness records (see below
  for detailed discussion). Staff being considered for PHI claims or ill health
  retirement will have to give explicit consent for the communication of
  medical data.
- Line Managers need to understand the provisions of the Act in more detail and
  in particular the need to comply with the Act if they keep electronic or paper
  records on their staff. There is nothing in the Act that excludes such
  record keeping but it must be done in accordance with the good practice
  principles.