Skip to main content


Volume 495: debated on Monday 29 June 2009

To ask the Secretary of State for Justice if he will make an assessment of the merits of amending the Data Protection Acts 1998 and 2002 to provide for the immediate deletion of records held by employers of complaints made by them against former employees in circumstances in which such complaints are withdrawn. (282676)

All processing of personal data in the UK must be carried out in compliance with the Data Protection Act 1998 (DPA). The fifth data protection principle in the DPA requires that personal data are not kept for longer than is necessary for the purpose for which it was collected. This principle would apply to any personal data contained in complaints against former employees, including those that are later withdrawn. The Information Commissioner's Office (ICO) is responsible for investigating and enforcing compliance with the DPA. Any concerns that a data controller is not complying with the Act may be referred to the ICO.