A concerned reader asks what his rights are since learning that his ex-employers are telling co-workers about his HIV status. Sarah Nolan, Head of Commercial & Employment Law at QualitySolicitors Jackson Canter answers.
Dear Legal Team,
I had to leave my job after I disclosed that I am HIV+. When I was first diagnosed I had to take extended time off from work to go to the doctors, because I was at first very ill.
My line manager asked me why I was taking so much time off and I revealed my status. All was okay, but after two months – I was starting to get uncomfortable with comments that were being made by my line manager and the boss – who she disclosed my health info to.
The “banter” turned quite nasty and it was ruining my life – and making my health worse. I decided to resign and we resolved the issues through ACAS – as a consequence I signed sort of gag order – which forbids me from talking to anyone about this… but now, after a few years – I had a text out of the blue from an ex-colleague who said that he knew I was HIV positive – the only people who knew my status were my line manager and the area boss.
I did not disclose my status to anyone else and it looks as though my former employers have leaked my details. I’m wondering what I can do to make sure my health remains personal – and whether I should reopen my case with ACAS. I’ve tried emailing the company to discuss the text – and haven’t heard anything back from them – after two months.
Your question seems to involve the Data Protection Act 1988.
The Data Protection Act 1998 is concerned with respecting the rights of individuals when processing their personal information. The act is mandatory and all organisations that hold or process personal data must comply its provisions.
The Data Protection Act contains 8 principles:
- personal data should be processed fairly and lawfully
- data should be obtained only for one or more specified and lawful purposes
- the data should be adequate, relevant and not excessive
- it should be accurate and where necessary kept up to date
- any data should not be kept for longer than necessary
- personal data should be processed in accordance with the individuals’ rights under the act
- data should be kept secure
- personal data should not be transferred outside the European Economic Areas unless the country offers adequate data protection.
All employers have responsibilities under the Act to ensure that their activities comply with the Data Protection Act. Employers are responsible for the type of personal data they collect and how they use it and they should not disclose personal data outside the organisation’s procedures, or use personal data held on others for their own purposes. ACAS provide some helpful guidance about this on their website (acas.org.uk).
Employees have a legal right to access information that an employer may hold on them. This would include any personal information relating to your health. There is a 40 day time frame stipulated for dealing with any such requests.
If you feel your old organisation has misused information or hasn’t kept it secure then contact the Information Commissioner’s Office (ico.org.uk).
If you believe that the terms of the settlement reached with your former employer via ACAS have been breached then you should seek specialist legal advice in this regard or try to re-contact ACAS without delay.
ALSO READ: Can a Landlord chuck me out if I’m LGBT?
Have you got a legal query you’d like to ask our experts? Get your free advice here. Submit your question here
Written by Sarah Nolan – Head of Commercial & Employment Law at QualitySolicitors Jackson Canter
This response is not intended to constitute legal or other professional advice, and should not be relied on or treated as a substitute for specific advice relevant to particular circumstances. Individuals should always seek legal advice from a professional which is specific to their unique set of circumstances.