In spite of use of the word "employment" in its name, the Employment Practices Data Protection Code applies in respect of any one who comes within the definition of worker even if he is not an employee for employment law purposes. It specifically includes job applicants, agency workers, contractors, casual workers and contract workers as well as those who come within the normal definition of employee. As with most other codes of practice, the Data Protection Code does not have the formal force of law but the Courts take it seriously (see the Naomi Campbell privacy case, Campbell v Frisbee ChD 2002 , reported at [2003] ICR 141, CA, and see also notes at Codes of Practice generally).
A complete consolidated version of the ICO Code of Practice on Data Protection in the employment field was published in June 2005. A document with examples called the ICO Supplementary guidance to the employment code and a shortened "ICO Quick Guide to the Employment Practices Code" are also available on the Information Commissioner's website.
The extension of the Data Protection Act 1998 to cover manual records came fully into effect on 24th October 2001 subject to limited relief until 23rd October 2007 in respect of manual data in existence at 24th October 1998 - see notes at Data protection/a general note .
Seperately from the Employment Code of Practice noted above, in January 2008 a revised version of the Information Commissioner's Office CCTV Code of Practice was issued, providing guidance and advice for CCTV users on how to comply with the Data Protection Act . It includes a checklist for users of very limited CCTV systems where the full provisions of the code would be too detailed.
The January 2008 CCTV CoP replaces the previous Information Commissioner's Office CCTV (Closed Circuit Television) code of practice, July 2000. It covers only surveillance in public places, pointing out that the Data Protection Act does not apply to individuals’ private or household purposes. It says it takes account of the technical, operational and legal changes that have taken place since the original 2000 code was drawn up.
Essential features of the ICO guidance are that there should be prominent signs making it clear that images are being taken, who is taking them and for what purpose. Also, in areas where people have a heightened expectation of privacy, such as changing rooms or toilet areas, cameras should only be used in the most exceptional circumstances. The 2008 revised Code record pays particular attention to CCTV sound recording, which it says can only be justified in exceptional circumstances and if it is being used, this should be stated explicitly and prominently.
Individuals must be free to refuse to have their images individually recorded (eg by a zoom camera in a public place). Although not an employment law matter, the 2005 experience of Manchester Airport which took images of a Mr Hedgley in spite of his protests and had to pay him compensation is relevant in this context (see Manchester Evening News, 5th April 2005 re "Photo blunder costs airport £4,000").
There is also a Code of Practice on "Interception of communications" and a Code of Practice on "Covert Surveillance", which came into force on 1st August 2002 (see Regulation of Investigatory Powers (Covert Surveillance: Code of Practice) Order 2002, SI 2002/1933).
The Information Commissioner's main web-site is at Information Commissioner's "Data Protection Guide" and the Information Commissioner's Office Technical Guidance Notes webpages are essential sources of practical information n all aspects of data protection.