1 / 23

Compliance with Tier 4 Sponsor Duties ─ Data Protection and Employment Law Implications

Compliance with Tier 4 Sponsor Duties ─ Data Protection and Employment Law Implications. Sarah Linton, July 2013 Locke Lord (UK) LLP 201 Bishopsgate London EC2M 3AB. Duties owed to Students.

elden
Télécharger la présentation

Compliance with Tier 4 Sponsor Duties ─ Data Protection and Employment Law Implications

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Compliance with Tier 4 Sponsor Duties ─ Data Protection and Employment Law Implications Sarah Linton, July 2013 Locke Lord (UK) LLP 201 Bishopsgate London EC2M 3AB

  2. Duties owed to Students • Transparent information and consultation on Tier 4 requirements – on immigration restriction/rules imposed by UKBA and on the sponsor’s duties • Emphasise the importance of compliance with the rules, both by students and by the sponsor: • If a student does not comply, that could mean he/she has committed a criminal offence and/or he/she could be denied entry to the UK for several years • Student non-compliance could also lead to downgrade/suspension or revocation of licence for the University

  3. Data Protection Responsibility as Tier 4 sponsor includes compliance with the law in general The Information Commissioner’s Office meets representatives from the Higher Education Sector on a regular basis to discuss information rights within the sector Data protection laws exist to strike a balance between the rights of individuals to privacy and the ability of organisations to use data for the purposes of their business

  4. What are the consequences of non-compliance? The Commissioner can serve a data controller with an 'information notice' requiring the data controller to provide certain information within set time limits Failure to comply with such notice, or providing deliberately false information, is a criminal offence If the Commissioner concludes that there has been a breach of the law, she may then serve a data controller with an 'enforcement notice'. This could force a data controller to stop processing personal data, or stop processing data in a particular way. Failure to comply with an enforcement notice is a criminal offence Possibility for employees/officers of universities to be personally criminally liable if the offence has been committed with their consent, connivance or neglect Possible fineswhich, depending on the circumstances, may be of an unlimited amount

  5. Data Protection • When does data protection law apply? Data protection law applies whenever a data controller processes personal data. These words are given special meaning by the Data Protection Act 1998 (the “Act”) • Data controllers A data controller is the person who determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed. In other words, you will be a data controller if the processing of personal data is undertaken for your benefit and you decide what personal data should be processed and why. A typical example of a data controller is an employer

  6. Data Protection • Personal data: Personal data means data which relates to a living individual who can be identified from that data or from that data and other information which is in the possession of, or is likely to come into the possession of, the data controller. For example, most education institutions will process personal data relating to students. “Students” would be classified as 'data subjects'. • Processing: The Act applies when personal data is processed or is to be processed by a computer, or is recorded or to be recorded in a structured manual filing system. To be covered: (i) there must be a set of information relating to individuals (ii) which is structured either by reference to individuals or by criteria relating to individuals and (iii) in such a way that specific information relating to particular individuals is readily accessible. The term 'processing' covers virtually any use which can be made of personal data, from collecting the data, storing it and using it to destroying it. For example, this will include the assessment of whether a student is able to meet the course admission requirement.

  7. Eight Core Principles In order to comply with the Act, a data controller must comply with the following eight principles: 1. The data should be processed fairly and lawfully and may not be processed unless the data controller can satisfy one of the conditions for processing set out in the Act. 2. Data should be obtained only for specified and lawful purposes. 3. Data should be adequate, relevant and not excessive. 4. Data should be accurate and, where necessary, kept up to date. 5. Data should not be kept longer than is necessary for the purposes for which it is processed. 6. Data should be processed in accordance with the rights of the data subject under the Act. 7. Appropriate technical and organisational measures should be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. 8. Data should not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights in relation to the processing of personal data.

  8. Looking after the information you hold about students If you handle and store information about identifiable, living people – for example, about students – you are legally obliged to protect that information. Under the Act, you must: • only collect information that you need for a specific purpose • keep it secure • ensure it is relevant and up to date • only hold as much as you need, and only for as long as you need it • allow the subject of the information to see it on request (i.e. data subject access request)

  9. Sensitive Personal Data • Where a University intends to process sensitive personal data of students, there are further conditions • Sensitive personal data consists of information relating to the racial or ethnic origin of a data subject, his political opinions, religious beliefs, trade union membership, sexual life, physical or mental health or condition (i.e. which may be relevant to student absence), or criminal offences or record • It may still be lawful to process sensitive personal data: • where the data subject (i.e. students) has given his/her explicit consent (e.g. in the study offer as part of the condition of study); • where the processing is required for the purposes of complying with employment law; • where it is necessary to establish, exercise or defend legal rights (e.g. communicating information to UKBA for audit purpose).

  10. Some recommendations to data controllers Notification – make sure you notify the ICOaccurately of the purposes for your processing of personal data. Notification is a statutory requirement Personal data – make sure you handle personal information in line with the data protection principles Fair processing – let students and staff know what you do with the personal information you record about them; Make sure you restrict access to personal information to those who strictly need it Security – keep confidential information secure when storing it, using it and sharing it with others Disposal– when disposing of records and equipment, make sure personal information cannot be retrieved from them Policies– have clear, practical policies and procedures on information governance for staff and students to follow, and monitor their operation Subject access requests – recognise, log and monitor subject access requests Data sharing – be sure you are allowed to share information with others (e.g. student work placement agents) and make sure it is kept secure when shared

  11. Protection of Freedoms Act 2012 • The Protection of Freedoms Act 2012 places controls on the use of biometric systems in schools and six-form colleges, for example for cashless catering or borrowing library books • The provisions in the Act will take effect from 1 September 2013, and the Department for Education (DfE) has advised schools to start planning for this implementation date • Key points: • Schools and colleges must ensure that each parent of a child is notified of the school’s intention to use the child’s biometric data as part of an automated biometric recognition system • The written consent of at least one parent must be obtained before data is taken from the child and used. This applies to all pupils in schools and colleges under the age of 18. In no circumstances can a child’s biometric data be processed without written consent

  12. Employment duties • Review existing employment contracts of all employees (both senior and junior) in connection with compliance and enforcing any international student admission and contact procedures especially for those with frequent direct contact with students • Check if the relevant clauses on employment duties provide you with the authority to make any reasonable orders in terms of Tier 4 sponsor compliance duties • “You are employed as [JOB TITLE] and report to [NAME]. [Your duties are set out in the attached job description.]” • “You may be required to undertake other duties from time to time as we may reasonably require.”

  13. Employment duties • Consider inserting relevant clause in the employment duties/obligation section • “Notify the University as soon as possible of any student absence or disappearance, change to any students’ immigration status or any change in circumstances which may affect any student’s right to study in the University or to live in the UK as soon as you have become aware of such, in accordance with the relevant procedure or policy. For these purposes, you should be aware that the University needs to maintain a history of student’s attendance and contact records, not just their current details, in accordance with the UK Border Agency’s rules and regulations.” • “Failure to comply with these obligations may lead to disciplinary action being taken against you under the [Disciplinary Procedure].” • Provide relevant training to employees in relation to Tier 4 sponsor duties

  14. How to introduce changes to the employment contract First of all, consider if any changes are likely to cause any legal or practical problems for employers and for employees At common law, a contract may only be amended in accordance with its terms or with the agreement of the parties Employment contracts are no exception to this basic rule and the law will not allow employers to use their greater bargaining position to impose material contractual variations on employees against their will

  15. How to introduce changes to the employment contract An employer will not need to vary the contract: Where the change which an employer is seeking to make does not actually affect the contract of employment OR Where the contract of employment itself authorises the change which the employer wants to make

  16. How to introduce changes to the employment contract An employer has three options in order to change contract terms: • To seek agreement to the changes, and dismiss those who refuse to agree. The employees who are dismissed may have claims for unfair dismissal and (if the employer does not service notice) breach of contract • To terminate the existing contracts of employment and offer re-engagement on the new terms. The employees may have claims for unfair dismissal and (if the employer does not serve notice) breach of contract. In addition, there may be collective consultation obligations • To impose the changes, and leave it to the employees to decide how to respond. This may result in claims of constructive dismissal

  17. Practical tips for agreeing changes Employers should bear in mind the following important points when communicating a proposed change to affected employees: • Why is the change necessary? • Do all of the changes have to be implemented at one time? It may be possible to make some changes over time and/or put in place transitional arrangements • Can employees be offered any incentive to help them accept the change? Offering an additional benefit in return for a detrimental change is often an effective way of securing agreement. This does not necessarily have to be a financial benefit • Finally, the timing of a proposed change can be important (e.g. consider any scheduled visit by UKBA)

  18. Suggested procedure where the proposed change is not contractually authorised Ascertain the nature of the consultation: Will the change affect 20 or more employees or, alternatively, is it likely that 20 or more employees will refuse to agree to the change voluntarily? Relevant employee representatives? Recognised trade union? Presentation to all affected employees as early as possible, to give adequate warning of the proposed changes Commence collective consultation or hold individual consultation meetings with the employees concerned (as appropriate). Consider whether the changes can be varied to address the concerns of the employees Hold a further consultation meeting

  19. Suggested procedure where the proposed change is not contractually authorised Write to employees setting a deadline for obtaining written agreement to the new terms Hold individual meetings to discuss the employee's refusal to agree to proposed change Hold appeal meeting if the employee invokes right of appeal Write to the employee confirming outcome of appeal and that this is final decision

  20. Review existing employee handbooks and disciplinary policy Identify if the existing employee handbooks/disciplinary policy deals with employee negligence and/or conduct issues in connection with Tier 4 sponsor rules compliance Fairness and transparency are promoted by developing and using rules and procedures for handling disciplinary and grievance situations (Acas Code of Practice) Clear rules benefit employees and set standards of conduct

  21. Sarah Linton T: +44 (0) 20 7861 9061 E: slinton@lockelord.com Sarah Linton is a Partner in the London office and head of the UK Employment Practice. Her practice encompasses all aspects of employment law, including employment contracts, termination agreements, disputes, European and domestic works councils, strategic European HR issues, employment aspects of international transactions, data protection and privacy matters, employment litigation including unfair dismissal, wrongful termination, discrimination claims and bonus disputes. Sarah also advises on business-related immigration law. Sarah regularly contributes to legal and other publications on employment law-related subjects, in particular on the transfer of undertakings (TUPE).

  22. About Locke Lord • Full-service, international law firm with offices in Atlanta, Austin, Chicago, Dallas, Hong Kong, Houston, London, Los Angeles, New Orleans, New York, Sacramento, San Francisco and Washington, D.C. • Opening of Hong Kong office and strategic expansion of London presence demonstrates Firm’s commitment to better serve clients’ needs worldwide • Our clients range from Fortune 500 companies and middle market public and private companies to start-ups and emerging businesses • London office has 7 key practice areas: Banking & Finance; Corporate; Dispute Resolution; Employment; Insolvency & Restructuring; Real Estate; Insurance & Reinsurance

  23. Compliance with Tier 4 Sponsor Duties ─ Data Protection and Employment Law Implications Sarah Linton, July 2013 Locke Lord (UK) LLP 201 Bishopsgate London EC2M 3AB

More Related