DATA PROTECTION HUMAN RESOURCES CORPORATE PROCEDURES

Ministry for Social Dialogue, Consumer Affairs and Civil Liberties
Data Protection Unit

DATA PROTECTION HUMAN RESOURCES CORPORATE PROCEDURES

Draft Version: 1.5
Date of first issue: December 2004
Last Amended: September 2015

TABLE OF CONTENTS

1 INTRODUCTION SCOPE BACKGROUND INFORMATION PUBLIC SERVICE MANAGEMENT CODE PROCEDURES DISTRIBUTION OF PAYSLIPS AND FS3 FORMS MOVEMENT OF PERSONAL FILES TEMPORARY FILES DISCIPLINARY FILES PUBLICATION OF SELECTION BOARD RESULTS ACCESS BY EMPLOYEES TO THEIR PERSONAL DATA RETURN ON PRIVATE WORK BY EMPLOYEES SICK LEAVE CERTIFICATES ACCESS TO IT APPLICATIONS FOR HR PURPOSES DISCLOSING HR RECORDS TO OTHER MINISTRIES OR DEPARTMENTS PUBLIC SERVICE RESEARCH ANNUAL ASSESSMENTS REPORTS ATTENDANCE SHEETS DEFINITE AGREEMENTS FOR CONTRACT EMPLOYEES (NON-PUBLIC OFFICERS) OUTSOURCING CERTIFICATION OF SICK LEAVE CONCLUSION

September 2015 Page 1

1 Introduction

1.1 Scope

These procedures are intended to be used as guidelines by Human Resources Branches within ministries and government departments when they are processing employees' personal data. Officers assigned duties in HR branches are expected to adopt these procedures to provide safeguards to processing operations related to employees. These guidelines are being issued in conjunction with the Public Administration HR Office (PAHRO).

1.2 Background Information

In July 2003 a Working Group was set up by the Management and Personnel Office (MPO), now PAHRO, with the overall objective of examining and reviewing HR corporate forms and practices in use within MPO and HR branches in government ministries and departments, with a view to bringing them into conformity with data protection requirements. The Working Group consisted of representatives from MPO, the Directorate General OPM, MITTS (now MITA), the Ministry of Finance & Economic Affairs, the Education Division and the Health Division.

HR standard operational procedures across the Public Service have been identified, and have been reviewed by the HR Corporate Issues Working Group to be in accordance with data protection requirements. The revised corporate procedures were also presented and explained to HR Managers during one of their fora.

The Data Protection Act states that 'personal data is not kept for a period longer than is necessary, having regard to the purposes for which they are processed'. Data cannot be kept 'just in case'. A retention schedule has been developed indicating the period during which personal data may be kept, depending on the process in respect of employees. Therefore, any application forms or any other documents containing personal data are to be disposed of, in a responsible manner, as soon as possible, and based on the guidelines published in the Retention Policy for HR Documents (URL:

Public Service Management Code

Most of the procedures currently in force in government departments are governed by the Public Service Commission (PSC) Regulations, as well as the Public Service Management Code (PSMC). The revised procedures outlined in these documents are aimed at improving practices of handling personal information, and such procedures should be used in conjunction with the PSC Regulations and the PSMC.

2 Procedures

The procedures contained in this document have been identified to be widely used for HR purposes. HR departments or branches always strive to keep personal data as confidential as possible, and these procedures have been slightly amended where required to strengthen the good practice already existing in this field.

2.1 Distribution of Payslips and FS3 Forms

At present, salary statements (payslips) are sent using the Dakar Payroll System. These statements are sent via e-mail in the form of a pdf attachment. This file contains, apart from personal details, the IBAN number, details of salary, allowances, NI contributions and FSS. There may be instances where this statement contains other data, such as alimony payments ordered by the Court.

At the beginning of each calendar year, FS3 forms are also generated in pdf format by the system and sent via e-mail to employees for income tax purposes. These forms show all earnings, social security payments and FSS paid for the previous year. Employees who do not have a valid e-mail address get their salary statements and FS3 forms as hard copies.

1. Salary statements and FS3 forms should, whenever possible, be transferred, through the Dakar Payroll System and MITA, to the government or personal inbox of the particular officer. When this is not possible, such as when an employee does not have a government or a private e-mail account, the respective printed document should be distributed in a responsible manner by a person who is accountable to execute such duties.
2. All care should be taken to ensure confidentiality, providing safeguards so that payroll data related to employees is not disclosed to persons who are neither the direct superiors of such employees, nor involved in the processing of such personal data.
3. Salary statements/FS3 forms should not:
   a. remain on the desk of an employee who is absent from his place of work;
   b. be handed to any other colleague unless the employee concerned has consented to such action.
4. Employees who do not have an e-mail account and are on leave or sick leave when salary statements/FS3 forms are distributed, are to:
   a. Either collect such salary statements/FS3 forms personally from the respective responsible officer when they report for work, or
   b. If absence is for a long period, salary statements/FS3 forms should be sent by post to the employees concerned.
5. All salary statements/FS3 forms should be sealed in envelopes addressed to the appropriate employees. Alternatively, other options may be pursued in the following cases:
   a. Where the number of employees in a department requires a disproportionate effort to deliver salary statements/FS3 forms in sealed envelopes to individual employees, such salary statements/FS3 forms should be grouped by section within that particular department. These should then be handed to each Head of Section in a sealed envelope, to be distributed by him/her in a confidential manner.
   b. Where there are area offices, or outlying offices representing Government Departments, such salary statements/FS3 forms should be grouped by area office, and handed to each Head of such area office in a sealed envelope, to be distributed by him/her in a confidential manner.

2.2 Movement of personal files

Personal files held in HR branches contain personal data of employees in the respective government department or section. This personal data may even include "sensitive" personal data that must be handled in a strictly confidential manner.

Depending on the size of the ministry/department, personal files are either held in cabinets in a registry, or else within the HR branch. Where such files are kept in a ministry's or department's registry, these are sent to authorised staff by hand with a messenger. The normal registry procedures are followed, i.e. marking the movement of the file in question. In cases where the files are kept within the HR branch itself, authorised HR officers access personal files. In such cases, not all branches keep a record of file movement.

Temporary files are opened on a particular subject matter, so as to restrict access to the whole file. This is also done in cases of disciplinary action. Disciplinary files are held separately, but are attached to personal files and are moved together between officers.

1. HR managers must ensure that personal files are sent to authorised staff only in the course of exercising HR functions. For this purpose, the HR Manager should draw up a list of officers who are authorised to access personal files in the course of exercising their duties. Only public officers performing HR duties, besides the Head of Department/Ministry concerned, are to be authorised to view personal files. A copy of this list of authorised officers is to be given to the Officer-in-Charge of registry in cases where personal files are held in a registry.
2. Where a public officer who is not in the list of officers authorised to access personal files is required to access a personal file, a distinct authorisation is to be sought from the HR Manager, explaining the purpose of the requirement in question. The HR Manager may issue an authorisation for a specific task to such officer, if he is satisfied with the reasons given, and deems it fit to give this distinct authorisation. When the specific task in question is executed, the authorisation to access such personal file is terminated.
3. Every time an employee's personal file is handed to a desk officer, an entry is to be made on the file covers, indicating the receiving officer and movement date, in accordance with standard registry procedures. This serves as an audit trail of the movement of the file. All movements are to be recorded on the movement card; or where this process is automated through a Registry System, the movement details are to be recorded through the application.
4. The department/section should eliminate the possibility of a third person viewing or browsing through the contents of the file, while delivering it to its destination. Personal files delivered unsealed could easily give rise to such abuse. For this reason, the following procedures should be adhered to:
   a. When sending a personal file to locations outside the department or HR section, it should be sealed in an envelope. The same applies where files are sent from Registry to the public officer concerned.
   b. When sending more than one personal file to locations outside the department or HR section, these files should be placed in a portable container or box which can be locked.
5. When a public officer receives a personal file, he/she must take measures to safeguard personal data in that file. The employee must not leave the file lying about unattended or leave it open in a way that unauthorised persons could browse through the contents of a page. At the end of a working day, all files should be kept under lock and key.

2.3 Temporary files

a) Documents about new issues

In time, an employee's personal file is filled with different documents, some of which would relate to issues that are completely distinct from others in the same file. As specific issues arise, documents are added to the personal file. A practice applied by officers in HR departments/branches is to insert the related document in the main personal file, even though the case would not be closed and the file needs to be moved around from one desk officer to another. Such a practice could give rise to abuse by allowing unauthorised disclosure of documents which are unrelated to the issue in question.

b) Other files

There are cases where some outlying offices of departments keep copies of documents in other files separate from the employee's departmental personal file. When this happens, HR would not be aware of such information and would not have all the employee's records. Consequently, when an employee makes a request to see his/her information, all this personal data would be left out.

c) Temporary files

Some HR Departments/Branches open a temporary file when new cases are being dealt with, so as to limit access to other information contained in the personal file in question.

1. Discontinue the practice of circulating personal files to officers who are not authorised to access such personal files, but who are only interested in a particular issue which just cropped up. A temporary file is to be opened, and all the documents particular to the case or issue are to be inserted in this file to be circulated to officers who are to deal with such case.
2. The opening of temporary files to reduce the risk of unauthorised access is to be continued. Where necessary and practical, temporary files should be created to process specific issues. Thus, only data relevant to the issue in hand is disclosed. This would effectively remove any risk of these personnel viewing any other personal data that is unrelated to the issue in question.
3. A note should be attached inside the employee's personal file, on the left-hand side on top of the minute sheet, to make desk officers aware that, apart from this main file, a temporary file has also been opened for a specific issue. Such a note is to contain:
   i. The Employee ID No. and Temporary File No;
   ii. The title of the temporary file which indicates the issue involved;
   iii. A warning to destroy this note when the particular case is closed and the temporary file cover destroyed.
4. Likewise, a note should be attached inside the temporary file on the left-hand side, on top of the minute sheet, showing the following:
   i. The Employee ID No. and the main Personal File No;
   ii. A warning to destroy this note, together with the temporary file cover, when the particular case is closed.

Following the closure of the particular case or issue, all the documents contained in the temporary file are to be inserted in the main personal file, and the cover of the temporary file destroyed, together with the above-mentioned notes in both the main as well as in the temporary files.

2.4 Disciplinary files

Most departments have the custom of keeping documents relating to a pending disciplinary case in a file attached to an individual's personal file while the latter is in use for another purpose. In doing so, they are keeping in line with procedures detailed in the Public Service Management Code.

This practice can create Data Protection related problems of confidentiality. Desk officers accessing an employee's personal file that has a pending disciplinary case file attached to it would be able to browse through the contents of this latter file. Disciplinary cases would contain highly confidential information on an employee. The problem is aggravated by the fact that the case would still be pending and, therefore, information within the file might turn out to be inconclusive.

Currently, there are four types of disciplinary cases identified in the PSMC, namely:
   a) Admonishment;
   b) Written warning;
   c) Minor; and
   d) Serious.

Procedure

Admonishment and Written Warning:

1. When an admonishment is issued, it is not to be recorded in the employee's personal file, and any temporary record of such admonishment that may be kept is to be destroyed after 6 months, in accordance with the PSMC.
2. A written warning is attached to the Personal Record Sheet (PRS) (GP 46) of the employee to whom it is addressed. An appropriate note is also made in pencil on the PRS. All references to such warning, including the pencilled note, are to be removed following 12 months from its date of issue.

Pending Disciplinary Cases:

1. Records of pending disciplinary cases have to be kept separately from other personal records that are kept in a main file. A distinct file for every minor and/or serious disciplinary case is to be opened, keeping records of pending disciplinary cases separately from the main personal file.
2. A pending disciplinary case file is to be treated as a temporary file, and as such it should not be attached to an individual's personal file to reduce the risk of unauthorised access.
3. The movement of the Disciplinary file is to be handled with the strictest confidentiality, as specified in the procedure for "Movement of Personal files".
4. While the disciplinary case is still pending, no reference to the case is to be made on the minute sheet of the personal file.
5. A note should be attached in the employee's personal file, on the left-hand side, on top of the minute sheet, to make desk officers aware that an employee has a pending disciplinary case. This note should be removed and destroyed when the case is closed. Such a note is to contain:
   i. The Employee ID No. and Disciplinary File No.
   ii. The class of the disciplinary case - pending minor or serious disciplinary case.
   iii. A warning to destroy this note when the disciplinary case is closed.
6. Likewise, a note should be attached in the employee's disciplinary file on the left-hand side, on top of the minute sheet, to draw the attention of those officers dealing with the disciplinary case, that the employee has a pending issue in the personal file.

   The note should also be removed and destroyed when the case is closed. This note is to contain:
   i. The Employee ID No. and Personal File No.
   ii. A brief description of the pending issue (e.g. initiated procedures to be boarded out).
   iii. A warning to destroy this note when the disciplinary case is closed.

Closure of Disciplinary Cases:

1. If the disciplinary case ends in favour of the employee, the following procedures are to be followed:
   i. The Disciplinary Case file is to be kept sealed in an envelope and attached to the employee's main personal file for 2 months. According to PSC regulations, the Departmental Head may lodge an appeal within 10 days from the date of closure. In the absence of such an Appeal, the file is to be detached from the main personal file and destroyed after 2 months.
   ii. No note about the Disciplinary Case is to be entered in the minute sheet of the main personal file, in a Service and Leave Record (GP47), or in the Personal Record Sheet (PRS - GP46).
   iii. Also, during this 2-month period, HR staff are to ensure that the personal file does not leave HR premises, unless specifically authorised by the Department Head, or the HR Manager, or somebody acting on his behalf.
2. If the disciplinary case is decided against the employee, the disciplinary file is to be sealed (see 4 below) and attached to the main personal file. An entry is to be made on the minute sheet of the main personal file and also in the Personal Record Sheet (PRS - GP46) and the Service and Leave Record form (GP47).
3. Disciplinary Board members should not retain documents related to the case in question. Depending on the outcome of the case in question, such documents should be consigned to the respective Head of Department, to be processed in the same manner as indicated in procedures 1 and 2 of this section.
4. Disciplinary files are to be sealed in an envelope by the HR Manager or his delegate, who is to sign along the flap of the sealed envelope.
5. During the period of retention, sealed disciplinary files can only be opened upon instructions of the Head of Department, and/or upon approval of the HR Manager or his delegate.
6. PAHRO are to retain copies of correspondence related to disciplinary cases in distinct disciplinary files irrespective of the board decision of the case in question, applying the same safeguards mentioned in this section.

2.5 Publication of Selection Board results

The procedure is normally regulated by the Public Service Commission. Presently, when a candidate sits for an examination or applies for a post in the Public Service, the results are eventually posted on the PSC notice board. The results are also published on the notice board of the respective department which issued the call for applications. The published lists normally show the Index No, ID No, Name and Surname, Marks obtained and Order of Merit in the case of successful candidates, and the same details excluding Name/Surname and Order of Merit of unsuccessful applicants. Results pertaining to Officers above scale 6 are sent by post to their home address to limit circulation.

1. Calls for applications in the Government Gazette and/or circulars are to inform prospective candidates where the result would be published following the examination. Results can be published at PSC, at the Examinations Department or at the respective department.
2. The application form is to make reference to the conditions stipulated in the Government Gazette and/or circulars of the respective call for application.
3. After the selection process, the following details would be published as follows:
   a) For successful candidates:
      i) Identity Card No
      ii) Index No (where applicable)
      iii) Name and Surname
      iv) Marks obtained
      v) Order of merit
   b) For candidates failing the examination:
      i) Identity Card No
      ii) Index No (where applicable)
      iii) Marks obtained
      iv) Order of merit
4. The results are to remain published for not more than one month, following which all results are removed from the respective notice boards.
5. After the results are removed from the notice boards, the relative details are kept at PSC and PAHRO or the respective department. Interested candidates who took part in the examination or interview can make a Subject Access Request to obtain the required details.

2.6 Access by Employees to their Personal Data

At present there is no procedure whereby public officers can request access to their personal file. Prior to the coming into force of the Data Protection Act, only a few departments allowed employees to view information held about them in their personal files. Most of the requests for personal information which is required for daily operations, such as sick and vacation leave records, national insurance payments, salary enquiries, etc., are made verbally.

Requests by public officers to see personal information about them may consist of:
   1. access to their personal file;
   2. daily enquiries for routine information.

1. Requests for Access to personal files

a) Requests made by telephone or verbally should not be entertained.
b) Employees wishing to have access to any information contained in personal files should submit a request in writing (e-mail, memo, or letter), addressed to the Data Protection Officer (DPO) of the respective department, giving the following identification details:
   - ID Card No;
   - Name and surname of employee;
   - What particular details he would like to see.
c) The DPO registers the access request on a subject access request register, taking note of the particulars mentioned in (b) above, the date when the request is received, the HR Manager to whom the request is to be referred, and the date when the request is referred to HR. It is advisable that the subject access request register be held in electronic spreadsheet format, so as to facilitate the tracking of subject access requests.
d) The DPO refers the subject access request to the HR Manager, who inserts the request in the personal file.
e) If it is deemed necessary, the HR Manager or his delegate can liaise directly with the employee making the access request, to clarify further and determine what course of action is to be taken as shown in (f) below. Where the access request is too vague and/or generic, the HR Manager should obtain enough information to focus the request on a particular subject related to the employee.
f) The HR Manager or his delegate is to prepare the information in an intelligible manner. The HR Manager can use his discretion as to which of the following methods can be adopted:
   i. writing a report giving the necessary information requested, but making sure that the information given is faithful to that contained in the personal file; or
   ii. making a copy of the document/papers containing the information requested; or
   iii. showing the employee the file to his/her satisfaction. In such instances, a note is to be signed by the employee viewing the personal file, confirming that his/her access request has been met.
g) In giving information to the employee as the data subject, care should be taken not to divulge any information relating to third persons, unless such third person is acting in an official capacity.
h) Where the third person is not acting in an official capacity, and it is considered necessary that this information be given, prior consent should be obtained from the respective third person. If consent is not given, then information on third persons cannot be disclosed and the following measures should be taken:
   i. If a report is drawn up, no information is to be given which may identify third persons;
   ii. In cases where a copy of a particular document is going to be given to the data subject, identification details of third persons should be covered;
   iii. Where the employee is allowed to view his personal file, identification details of third persons should be blanked out as well, by weeding out documents that may be prejudicial to third parties. If this exercise involves a disproportionate effort, provide the information to meet the request either by exercising (i) or (ii) above.
i) When the information to be given to the employee is collated, and ready to be presented, the report or copy, as the case may be, is sent to the DPO for vetting and onward transmission to the data subject.
j) The DPO then sends an official letter with the reply to the data subject, copying the letter to the HR Manager to be inserted in the personal file of the individual making the subject access request.
k) In the case where the employee has viewed his personal file, and signed the note confirming that he/she has had access to the personal file, a copy of the note is sent to the DPO.
l) The DPO updates the subject access register with the date when the request has been met.
m) The subject access request register is to contain a column to take note of the date, termed as retention date, when personal details should be deleted. The retention period should not exceed six months from the date when the request has been met. The DPO should therefore update this field accordingly.
n) Periodically the DPO is to check the subject access request register for requests which exceed the six-month retention period as mentioned in (m) above, and delete all personal details in the columns containing the identity card number and names/surnames of the data subjects concerned.

2. Day-to-day enquiries for routine information

When an employee makes a simple specific request, such as details of vacation leave entitlement, salary information and similar records, these requests will continue to be dealt with by HR Branches, without reference to the departmental DPO. HR staff would only need to consult the employee's records and give the required information. No record related to the enquiry needs to be kept.
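The register upkeep in steps (m) and (n) of section 2.6, as an added example that is not part of the original procedures: a Python routine that fills in the retention date once a request has been met and later clears only the identity card and name columns. The CSV layout, column names and sample rows are constructed for illustration, and "six months" is read here as six calendar months.

```python
import calendar
import csv
import io
from datetime import date

# Constructed sample register. Column names are assumptions; the procedure
# only requires the particulars from (b), the dates from (c) and (l), and
# the retention date column from (m).
SAMPLE_REGISTER = """\
ref,id_card_no,name_surname,details_requested,date_received,hr_manager,date_referred,date_met,retention_date
SAR-001,0000001A,Example Officer One,Sick leave record,2015-01-05,HR Manager A,2015-01-06,2015-01-20,
SAR-002,0000002B,Example Officer Two,Annual assessment report,2015-08-10,HR Manager A,2015-08-11,2015-08-31,
SAR-003,0000003C,Example Officer Three,Salary details,2015-09-01,HR Manager B,2015-09-02,,
"""

IDENTITY_COLUMNS = ("id_card_no", "name_surname")  # the columns step (n) clears
RETENTION_MONTHS = 6  # assumption: "six months" read as calendar months


def add_months(start, months):
    """Shift a date forward by whole calendar months, clamping the day so
    that 31 August plus six months lands on the last day of February."""
    index = start.month - 1 + months
    year, month = start.year + index // 12, index % 12 + 1
    last_day = calendar.monthrange(year, month)[1]
    return date(year, month, min(start.day, last_day))


def set_retention_dates(rows):
    """Step (m): once a request has been met, record when its identity
    details fall due for deletion. Open requests get no date yet."""
    for row in rows:
        if row["date_met"] and not row["retention_date"]:
            met = date.fromisoformat(row["date_met"])
            row["retention_date"] = add_months(met, RETENTION_MONTHS).isoformat()


def purge_expired(rows, today):
    """Step (n): clear the identity columns of every row whose retention
    date has passed. Returns the references that were cleared."""
    purged = []
    for row in rows:
        if not row["retention_date"]:
            continue  # request still open, details still needed
        expired = date.fromisoformat(row["retention_date"]) < today
        if expired and any(row[col] for col in IDENTITY_COLUMNS):
            for col in IDENTITY_COLUMNS:
                row[col] = ""
            purged.append(row["ref"])
    return purged


def review_register(register_csv, today):
    """Run the periodic check over a CSV register; return (rows, purged)."""
    rows = list(csv.DictReader(io.StringIO(register_csv)))
    set_retention_dates(rows)
    return rows, purge_expired(rows, today)


def to_csv(rows):
    """Serialise the reviewed register back to CSV text."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=list(rows[0].keys()),
                            lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()


if __name__ == "__main__":
    reviewed, cleared = review_register(SAMPLE_REGISTER, date(2015, 9, 30))
    print("cleared:", cleared)
    print(to_csv(reviewed))
```

The non-identifying columns (dates, subject of the request) are left in place, so the register still shows that a request was handled after the identity details are gone, and a second run over the same register clears nothing further.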

2.7 Return on Private Work by employees

Public officers are required to obtain permission from their respective Permanent Secretary before undertaking any private work outside their official duties. Following the granting of permissions, Directors Corporate Services process and retain such records. Directors Corporate Services are required to inform the Inland Revenue Department on public officers authorised to engage in private work.

1. Public officers should continue to submit an application in writing to their respective Permanent Secretary to obtain permission before undertaking any private work outside their official duties. Requests should be channelled through the respective Head of Department.
2. Directors Corporate Services should still keep records of public officers granted approval to perform private work.
3. When Directors Corporate Services inform the public officers of the approval to perform private work, they should draw the officers' attention to the fact that the particulars relating to approvals of permission to perform part-time work are being sent to the Commissioner of Inland Revenue.
4. HR Managers/officers are to update records of employees by contacting individually the employees already granted such permission, and confirm the relevant details or otherwise.
5. The HR Branch is to inform the respective Department Head of any changes in the conditions of permissions in respect of their employees who were granted approval to perform part-time jobs.

2.8 Sick Leave certificates

Employees who are away from work on sick leave submit their sick leave certificates to their department. In some departments, sick leave certificates are attached to attendance sheets until such time as the latter are referred to the HR Branch.

1. Sick leave certificates are not to be attached to attendance sheets.
2. Sick leave certificates sent in or handed by employees are to be referred to the HR Branch, through the respective Head of Section, for retention by HR personnel.
3. In cases of outlying offices, these sick leave certificates are to be submitted to senior officers dealing with HR matters, through their respective immediate superiors.
4. The sick leave card and other related records are to be updated accordingly.
5. Sick leave certificates are not to be put away in personal files.
6. Sick leave certificates are to be destroyed after one year from date of issue.

15 2.9 Access to IT Applications for HR purposes In the course of routine duties, HR staff consults and accesses the databases of "corporate" IT applications such as HRIMS, Payroll, the Absence Management System (AMS) and CdB. HRIMS (Human Resources Information Management System) is an application that is used to manage employment information about government employees. Apart from employee identification details, its database contains other data such as grade, salary scale, career progression, etc. The HR Manager advises PAHRO to give access to a particular public officer. The Government Payroll System is used to maintain salaries, allowances, NI, FSS, IBAN and other salaries related details and information, and to issue salaries and payments to around 50,000 employees and students whose details are on this system. Payments are issued every 28 days, and eventually a set of salary-related reports are system generated with every payroll run. This system comprises a thick client version, which is used by the Central Salaries Section in Gozo and the Payroll Section at PAHRO, and a thin version, which is used by salaries sections in line departments to input overtime, allowances, internal transfers and changes in IBAN numbers. User accounts are administered by PAHRO. The Absence Management System complements the Government Payroll System, and records all absences availed of by persons whose details are on this system. This system, apart from the basic personal details of employees, contains details of vacation leave, sick leave, study leave, maternity leave, and all other absences which public employees are authorised to avail of according to the provisos of the Public Service Management Code (PSMC). User accounts are also administered by PAHRO. CdB (Common Database) contains personal information of all the persons who come across the Public Registry and the Electoral Register, within Identity Malta Agency. 
The CdB is owned by the Department of Civil Registration and is used in government departments to check individuals' personal details such as ID Card number, name and surname, dates of birth, marriage and death, addresses, and person relationships such as parents, children, and spouses. The Head of each department or his representative informs MITA, on behalf of the Department for Civil Registration, to give access to public officers.

1. Safeguards

1.1 These databases can contain sensitive data and, therefore, the following safeguards must be introduced to control access:

a) Access to these systems must always be given on a need-to-know basis; requests for new users should be restricted.
b) Existing users should be checked to see if they do, in fact, truly need access to these systems.
c) Access passwords should not be divulged to any other officer. Staff must ensure that they safeguard their passwords in accordance with MITA standards.
d) Staff logged in to any HR application should log off before leaving their PC unattended.
e) In all cases, where a public officer granted access to any particular database is transferred to another department or is performing other duties, access to these databases should be terminated.

1.2 Furthermore, databases cannot be passed from one HR department/branch to another if the processing is different from the purpose for which the data was collected.

2. HRIMS access procedures

a) The HR Manager informs the Ministry's Chief Information Officer (CIO) via e-mail, giving details of the officer who is required to access HRIMS. The level of access also needs to be specified.
b) The Office of the CIO generates an ERFS (Electronic Request for Service) for HRIMS installation.
c) The HRIMS administrator approves the request electronically.
d) Once the account is approved, MITA creates the necessary user rights on the HRIMS server and on the system, and informs the particular officer of the details required to access this system, of their respective login name and password.
e) The HR Manager is informed that access has been granted to the officer in question.
f) The HR Manager is to inform the HRIMS administrator when to terminate access to this application. This is usually done by means of an ERFS to delete the respective account.
g) An audit log account is to be kept of who is accessing the system.

3. Government Payroll System access procedures (for CSS and PAHRO users)

a) The Assistant Director, Salaries and Pensions, informs the Payroll Governance Manager at PAHRO via e-mail that a new user within his/her section is required to have access to the system, specifying if access is on a read-write-delete or read-only basis.
b) Once the Payroll Governance Manager is satisfied that there is a real need for another user, he asks the Assistant Director, Salaries and Pensions, to generate an ERFS.
c) The Office of the CIO generates the required ERFS for Dakar Payroll installation.
d) The Payroll Governance Manager approves the request electronically.
e) Once the account is approved, MITA creates the necessary user rights on the payroll server, and remotely installs the system onto the PC of the new user.
f) PAHRO then creates the necessary user account, and informs the particular officer of the details required to access this system.
g) The Assistant Director, Salaries and Pensions, is informed that access has been granted to the officer in question.
h) The Assistant Director, Salaries and Pensions, informs the Payroll Governance Manager when to terminate access to this application. This is usually done by means of an ERFS to delete the respective account.
i) An audit log account is to be kept of who is accessing the system.

The Absence Management System (AMS) and Payroll System access procedures (for line departments)

a) The respective individual informs the Ministry's Chief Information Officer (CIO) via e-mail. The level of access also needs to be specified.
b) The Office of the CIO generates the required ERFS for AMS/payroll access.
c) The Payroll administrator approves the request electronically.
d) Once the account is approved, the person responsible for creating user accounts at PAHRO creates this account on the system, and informs the prospective user via e-mail of the login and password. The system is web-enabled, and there is no installation involved.
e) The respective supervisor or the Ministry's CIO should inform the Payroll Administrator when to terminate access to this application. This is usually done by means of an ERFS to delete the respective account.
f) An audit log account is to be kept of who is accessing the system.

3. CdB access procedures

a) The Head of Department writes to the Director for Civil Registration within Identity Malta Agency asking for permission to access the CdB.
b) When permission is granted, the details of those public officers who are to access the CdB are passed over to MITA, on behalf of the Department for Civil Registration, to open the necessary accounts.
c) HR Managers should co-ordinate with the Directors to approve Request for Service for officers who are authorised to use the CdB for HR purposes.
d) The CdB administrator opens an account and informs the particular officer of the details required to access this database.
e) The HR Manager is to inform the CdB co-ordinator within his/her department, to inform the CdB administrator to terminate access to this application when required.
f) The system keeps an audit log account of who is accessing the CdB.

2.10 Disclosing HR records to other Ministries or Departments

HR officers are occasionally asked by officers outside their branch to give information about employees within their own department. These requests are often made by telephone. Normally, HR officers do not divulge any personal information.

1. HR staff must not automatically answer questions from a senior official (or any other official) from another department or ministry about an employee's personal data.
2. There should be a written communication, stating what information is required, the reason, and if applicable, under what section of the law that information is being requested.
3. The HR Manager is to decide and approve whether such information is to be given, after he considers the request.
4. Such request should be turned down if the information being requested is not for:
   a) HR purposes related to the employee in question; or
   b) As required under a particular law.
5. Inform the data subject prior to the disclosure, unless this will prejudice any action under a particular law (e.g. Criminal Code).
6. Where the request is made by an audit and/or investigative entity, the guidelines Disclosure of Personal Data for Audit and Investigative Purposes (found on URL: ) apply.

2.11 Public Service Research

Heads of Department are often asked to give contact details of public officers so that they can participate in any research involving the Public Service. Normally, this research is carried out by students or public officers as part of their studies. Depending on the research to be carried out, files containing personal data may be required to complete the research. Currently, there is no specific corporate procedure to handle such requests. The submission of personal details is at the discretion of each particular Head of Department.

Similar requests may also be made by applicants through Freedom of Information requests. It is pertinent to note that applicants making a FOI request cannot be requested to specify the reasons why they have submitted such a request. In the event that a FOIA request points towards access to personal data as specified below, this is considered as exempt through Article 5 (3) (a). Requests for information arising from an FOI request are to be dealt with in accordance with the FOI Act and its subsidiary legislation.

(Note: Research exercises include also surveys.)

1. Every individual (student or public officer) who needs to carry out research should first obtain permission in writing from the respective Head of Department to have access to records related to the research. The application should contain the following details:
   a. Name and surname of individual carrying out research;
   b. ID Card No.;
   c. Address;
   d. Brief description of research required;
   e. Purpose of research;
   f. What personal details are required;
   g. Any terms of reference and/or approval from ethics committees, universities, institutions, etc., if research is not being done on a personal basis.
2. Where the research is going to involve sensitive personal data as defined by the Data Protection Act (data that reveals race or ethnic origin, political opinions, religious or philosophical beliefs, membership of a trade union, health or sex life), approval by the Commissioner for Data Protection for such research should also be presented by the individual. If this is not presented, the request should be turned down.
3. If the research concerns the Public Service in general, involving a number of government departments, and requiring contact details of public officers in different departments, the application with the details mentioned above should be directed to PAHRO. In such cases PAHRO is to approve or otherwise the research, and will communicate its decision in writing to ministries/departments, as well as to the individual conducting the research.
4. If the research is related to a number of government departments within one particular ministry, the application with the details mentioned above should be directed to the Director Corporate Services of the ministry in question. In such cases the DCS or his delegate is to approve or otherwise the research, and will communicate the decision in writing to the departments within the ministry, as well as to the applicant of the research.
5. Approval for research related only to a particular ministry/department is to be given in writing by the respective Head or his delegate.

6. In all cases, the approval for such research communicated in writing by the Head of Department or his delegate should also oblige the individual making the research to apply necessary safeguards as a condition for carrying out this research, namely:
   a. The personal data accessed or given are only to be used for that specific purpose to conduct the research and for no other purpose;
   b. At the end of the research, all personal data should be destroyed;
   c. All references to personal data should be omitted in the report unless consent is specifically obtained from the person being identified in the research report;
   d. Participation by public officers in the research being conducted should be at their discretion, and they can refuse any participation whatsoever if they so wish;
   e. The ministry/department is to be provided with a copy of the research report. Where PAHRO has given the approval for such research as indicated in 3 above, a copy of the research report to PAHRO should suffice;
   f. Any other measure deemed fit by the respective Head, depending on the nature of the research to be carried out.
7. Where contact information of public officers is required, only minimum details should be given, as follows:
   i. Name and surname of public officer;
   ii. Position/Grade;
   iii. Government department he/she is serving in.
8. In cases where the personal data being requested goes beyond the normal official data which is of public interest (e.g. list of employees living in Gozo, or list of public officers doing a particular task, etc.), the Head should take a considered decision on whether the employees, who may be subjects of the research in question, are to be contacted or not to obtain the necessary consent directly from them.
   a. If the ministry/department opts to obtain consent, then an appropriate officer is to be assigned to contact the employees within the ministry/department that fall under the criteria of the research in question. The consent obtained from them should cover the disclosure of their contact details to the person carrying out the research.
   b. If it is decided not to seek consent, no contact details are to be disclosed to the individual carrying out the research.
   c. Only the contact details (as per paragraph 7) of those employees giving their consent are to be disclosed to the individual carrying out the research.
9. Public officers who are contacted to participate in the research being conducted should be free to decide whether to participate or not.

2.12 Annual Assessments Reports

Performance Management Programme (PMP) reports are prepared annually by the next-level supervisor and signed by the employee and the respective supervisor. These forms contain a number of objectives that an employee is expected to achieve, and ratings are given against those objectives at the end of the review period. PMPs are sent to the respective HR Branch and stored in separate folders. Once an employee is being transferred to another ministry, all PMPs are inserted in the respective personal file and sent to the new HR Branch.

From time to time PAHRO requests DCSs to forward copies of PMPs of employees who are due for promotion or progression, usually covering the last 3 years. Copies of these forms are also sent to PSC.

Performance Review Reports are also drawn up for officers engaged on contract basis. There is no standard procedure concerning retention of these reports.

[Note: The procedure concerning handling of PMPs applies also to Performance Rating Reports (PRRs), which were in use prior to the introduction of PMPs and are now being phased out.]

a) Indefinite Contract Employees

1. The storing of assessment reports in separate folders is to be continued.
2. In cases where an employee is transferred to another department, PMP forms are not to be removed from the separate folders. The folder holding the PMPs is to be attached to the personal file and forwarded together with the personal file to the department where the respective employee has been transferred.
3. PMPs held in HR Branches should be destroyed after 10 years from the date of the report.

b) Definite Contract Employees

1. Performance Review Reports of officers engaged on contract basis should also be filed in separate folders.
2. Such reports, with the exception of reports relating to Permanent Secretaries, should be retained for 10 years from the date of the report, by the HR Manager of each respective ministry.
3. Performance Review Reports of Permanent Secretaries are to be retained for 10 years from the date of the report, by the Principal Permanent Secretary.
4. Where such officer below the grade of a Permanent Secretary is detailed to perform duties in another department, the review reports are to be forwarded separately to the HR Manager of the ministry responsible for the department to which the officer has been detailed.

2.13 Attendance Sheets

All office personnel below Salary Scale 5 sign daily on an attendance sheet when reporting for work. They register their time of arrival and time of departure. In cases of absences on account of vacation or sick leave, authorised officers mark the attendance sheets accordingly. Attendance sheets are certified by senior officers authorised to monitor attendance. Occasionally, attendance sheets are consulted to verify attendance of a particular officer for a specific period, if such attendance sheet is found.

1. Authorised officers certifying the attendance sheets should record the notification of sick leave, where possible in the remarks column of the attendance sheet, in accordance with the PSMC ( ).
2. No sick leave certificates are to be attached to the attendance sheet (refer to section 2.9 of this document).
3. HR officers inspecting the attendance sheets are to ensure that:
   a. all absences are recorded in their appropriate record forms (Leave Card, Sick Leave Card, Temporary Absences, etc.);
   b. all other records which may be kept in the Absence Management System (AMS), or any other system running at the department concerned, are updated.
4. With the exception of the period between 1976 and 1979, attendance sheets are not to be kept for more than two years, in line with the retention policy for HR related records.

2.14 Definite Agreements for Contract Employees (non-public Officers)

Agreements for the engagement of contract employees from outside the Public Service, whose engagement does not require PSC endorsement (Persons of Trust, members of Ministers' and Parliamentary Secretaries' private secretariats and public employees seconded to the public service), are made to regulate the conditions of engagement in respect of the services rendered by such employees. These contracts are normally for a fixed term, and can be renewed by the respective Permanent Secretary. Position files are also opened to retain personnel records related to the contract employee subject to OPM approval. In the case of Private Secretariat contractual staff, authority to renew such contract is delegated to the respective Permanent Secretary.

1. The practice of opening a position file to maintain all personnel records as required in respect of the contract employee is to be continued is to apply for the movement of such personal file.
3. All relevant personal records related to such contract employees are to be retained at least for the duration of the contract, for monitoring and assessing the performance of such employee, and eventually to enable a considered decision on the renewal or otherwise of the employment contract.
4. In the event that the contract is renewed for another term, all relevant personal records (including all documents in relation to the first term) are to be retained for the validity period as specified in the renewal of the contract.
5. If the contract is terminated or not renewed, all personal records related to the performance or conduct/discipline of the contract employee, with the exception of other documents related to the conditions of work including the employment contract in question, and any other record which may be required under the employment law, or by or under any other law, are to be disposed of and/or deleted, provided that there are no pending issues. In case of pending issues, such records may only be disposed of and/or deleted when the pending issue is resolved.

2.15 Outsourcing Verification of Sick Leave

Government departments often enter into agreements with medical practitioners to certify the condition of their employees who report sick. This measure is often required to reduce the abuse of sick leave. It may also occur that certain departments provide free medical service to their employees. Government departments will have to furnish personal details to the contractor to carry out the visits on their behalf. If such agreements do not cover data protection requirements, government departments will be in breach of the Data Protection Act.

Government departments may take this measure if deemed necessary. From a data protection point of view, government departments will still be responsible for employee data forwarded to the contractor. Entering into an agreement with the medical practitioners will constitute a relationship between the data controller (the department concerned) and the processor (the contractor). The DPA requires that this relationship be governed by a legally binding instrument. In this regard, the following procedure is to be followed:

1. When a tender is issued, the conditions for the delivery of the service may include the data protection clauses to regulate the processing of personal data by a processor. In such instances, a reference to the data protection clauses specified in the tender would suffice when drawing up the contract. A specimen of the data protection clauses, which will have to be modified for such purpose, may be found on URL
2. Where the tender does not include the data protection requirements, such clauses as indicated in 1 above should be included in the contract drawn up between the department and the service provider.
3. Alternatively, where government departments have already signed contracts which do not include data protection contractual clauses with the service provider, such contracts are to be revised to provide for data protection requirements. An amendment to the contract by means of an addendum, or an exchange of correspondence whereby both parties endorse and regard the inclusion of such data protection clauses as an integral part of the contract, should suffice.
4. Any medical data, gathered by the medical practitioner exclusively for treating the employee, other than that required to certify or verify the sick leave or health condition of the individual, should remain the property of the medical practitioner as governed by the medical profession and health ethics.


More information

DATA PROTECTION AND DATA STORAGE POLICY

DATA PROTECTION AND DATA STORAGE POLICY DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether

More information

PUBLIC SERVICE ACT 2005. An Act to make provision in respect of the public service of Lesotho and for related matters. PART I - PRELIMINARY

PUBLIC SERVICE ACT 2005. An Act to make provision in respect of the public service of Lesotho and for related matters. PART I - PRELIMINARY PUBLIC SERVICE ACT 2005 An Act to make provision in respect of the public service of Lesotho and for related matters. Enacted by the Parliament of Lesotho Short title and commencement PART I - PRELIMINARY

More information

Data Protection Act a more detailed guide

Data Protection Act a more detailed guide Data Protection Act a more detailed guide What does the Act do? The Data Protection Act 1998 places considerable duties on organisations which process personal data; increases the rights of access by data

More information

PRESIDENT S DECISION No. 40. of 27 August 2013. Regarding Data Protection at the European University Institute. (EUI Data Protection Policy)

PRESIDENT S DECISION No. 40. of 27 August 2013. Regarding Data Protection at the European University Institute. (EUI Data Protection Policy) PRESIDENT S DECISION No. 40 of 27 August 2013 Regarding Data Protection at the European University Institute (EUI Data Protection Policy) THE PRESIDENT OF THE EUROPEAN UNIVERSITY INSTITUTE, Having regard

More information

International Students House Health and Absence Management Policy

International Students House Health and Absence Management Policy International Students House Health and Absence Management Policy PURPOSE International Students House accepts that employees will, on occasions, find themselves unable to attend work due to sickness.

More information

Human Resources and Data Protection

Human Resources and Data Protection Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council

More information

Informatics Policy. Information Governance. Network Account and Password Management Policy

Informatics Policy. Information Governance. Network Account and Password Management Policy Informatics Policy Information Governance Policy Ref: 3589 Document Title Author/Contact Document Reference 3589 Document Control Network Account Management and Password Policy Pauline Nordoff-Tate, Information

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Sickness Absence Management Policy

Sickness Absence Management Policy Bolsover District Council Sickness Absence Management Policy (July 2015) 26 CONTROL SHEET FOR SICKNESS ABSENCE MANAGEMENT POLICY Policy Details Comments / Confirmation (To be updated as the document progresses)

More information

Estate Agents Authority

Estate Agents Authority INFORMATION SECURITY AND PRIVACY PROTECTION POLICY AND GUIDELINES FOR ESTATE AGENTS Estate Agents Authority The contents of this document remain the property of, and may not be reproduced in whole or in

More information

Malta Resources Authority. Call for Quotations

Malta Resources Authority. Call for Quotations Malta Resources Authority Millennia, Aldo Moro Road, Marsa MRS 9065 Malta Telephone: (356) 21220619 Fax: (356) 22955200 Call for Quotations Closing Date: Date Published: 10 November 2015 at 10:00am Tuesday

More information

Disciplinary Policy and Procedure

Disciplinary Policy and Procedure Disciplinary Policy and Procedure Policy The success of the University is dependent on its most important resource, its staff. It is therefore vital that all employees are encouraged to work to the best

More information

Appendix 11 - Swiss Data Protection Act

Appendix 11 - Swiss Data Protection Act GLEIF- LOU Restricted Appendix 11 - Swiss Data Protection Act GLEIF Revision Version: 1.0 2015-09-23 Master Copy page 2 of 11 Applicable Provisions of the Swiss Data Protection Act (DPA) including the

More information

Data Protection. Policy and Application July 2009

Data Protection. Policy and Application July 2009 Data Protection Policy and Application July 2009 Produced for staff of the House of Commons Service by the Department of Resources Information Rights and Information Security (IRIS) Service Data Policy:

More information

Corporate Policy. Data Protection for Data of Customers & Partners.

Corporate Policy. Data Protection for Data of Customers & Partners. Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing

More information

HUMAN RESOURCES MANAGEMENT 53 Personnel Records

HUMAN RESOURCES MANAGEMENT 53 Personnel Records 1.0 RATIONALE Sturgeon School Division believes in managing personnel information as a strategic resource, in compliance with provincial legislation and in the best interests of the division and its employees.

More information

Sickness Management Policy

Sickness Management Policy Sickness Management Policy Human Resources UpdatedSept 2012 AJR/HR/Sickness Management Policy 1.0 PURPOSE 1.1 The University is committed to promoting the health, safety and welfare of its employees. The

More information

DATA PROTECTION ACT 1998 COUNCIL POLICY

DATA PROTECTION ACT 1998 COUNCIL POLICY DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations

More information

HERTSMERE BOROUGH COUNCIL

HERTSMERE BOROUGH COUNCIL HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act

More information

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Approval date: June 2014 Approved by: Board Responsible Manager: Executive Director of Resources Next Review June 2016 Data Protection Policy 1. Introduction Data Protection Policy

More information

SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES

SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES 1 1 Definitions In these conditions:- We means Scotland s Commissioner for Children and Young People,

More information

FREEDOM OF INFORMATION (SCOTLAND) ACT 2002 CODE OF PRACTICE ON RECORDS MANAGEMENT

FREEDOM OF INFORMATION (SCOTLAND) ACT 2002 CODE OF PRACTICE ON RECORDS MANAGEMENT FREEDOM OF INFORMATION (SCOTLAND) ACT 2002 CODE OF PRACTICE ON RECORDS MANAGEMENT November 2003 Laid before the Scottish Parliament on 10th November 2003 pursuant to section 61(6) of the Freedom of Information

More information

Information Governance. and what it means for you

Information Governance. and what it means for you Information Governance and what it means for you 1 Content Introduction 3 Who are we? 4 What is Information Governance? 4 Purpose of Holding Information 5 Confidentiality and Security 5 Accuracy of Information

More information

Clause 1. Definitions and Interpretation

Clause 1. Definitions and Interpretation [Standard data protection [agreement/clauses] for the transfer of Personal Data from the University of Edinburgh (as Data Controller) to a Data Processor within the European Economic Area ] In this Agreement:-

More information

Subject Access Request Procedure (Data Protection) Doc No IMPR04 Rev 2 27/07/11. 1.0 Scope. 2.0 Responsibilities and Definitions

Subject Access Request Procedure (Data Protection) Doc No IMPR04 Rev 2 27/07/11. 1.0 Scope. 2.0 Responsibilities and Definitions Doc No IMPR04 1.0 Scope The Data Protection Act 1998 (DPA) provides individuals with rights in connection with personal data held about them. It provides those individuals with a right of access to that

More information

Data Protection Policy

Data Protection Policy Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and

More information

On Data Protection and the Detailed and Uniform Data Management Regulation

On Data Protection and the Detailed and Uniform Data Management Regulation Rector s Directive No. 1/2013 On Data Protection and the Detailed and Uniform Data Management Regulation Budapest, 2013 Version effective as of 31 January 2013 Directives on Data Protection and the Uniform

More information

SUBJECT ACCESS REQUEST PROCEDURE

SUBJECT ACCESS REQUEST PROCEDURE SUBJECT ACCESS REQUEST PROCEDURE Document History Document Reference: Document Purpose: IG31 This procedure sets out the responsibility for staff when receiving requests for information provided under

More information

NEWMAN UNIVERSITY DISCIPLINARY POLICY AND PROCEDURE

NEWMAN UNIVERSITY DISCIPLINARY POLICY AND PROCEDURE 1. Scope and Purpose NEWMAN UNIVERSITY DISCIPLINARY POLICY AND PROCEDURE 1.1 Newman University [hereafter referred to as the University] recognises disciplinary rules and procedures are necessary for the

More information

MANAGERS GUIDE / TOOLKIT

MANAGERS GUIDE / TOOLKIT MANAGERS GUIDE / TOOLKIT SECTION 1 - Managing short term sickness absence (+ reporting procedures) SECTION 2 - Managing long term sickness absence SECTION 3 - Guidance on disability discrimination under

More information

Data Protection in the Charity & Voluntary Sector

Data Protection in the Charity & Voluntary Sector 1 Data Protection in the Charity & Voluntary Sector Guidelines April 2011.Version 5.0 Office of the Data Protection Commissioner 2 CONTENTS Page INTRODUCTION 3 1. Key Recommendations 4 2. Donor Databases

More information

How To Manage A Major International Event

How To Manage A Major International Event New South Wales Sydney 2009 World Masters Games Organising Committee Act 2005 No 65 Contents Part 1 Part 2 Part 3 Preliminary Page 1 Name of Act 2 2 Commencement 2 3 Definitions 2 Constitution of SWMGOC

More information

ATMD Bird & Bird. Singapore Personal Data Protection Policy

ATMD Bird & Bird. Singapore Personal Data Protection Policy ATMD Bird & Bird Singapore Personal Data Protection Policy Contents 1. PURPOSE 1 2. SCOPE 1 3. COMMITMENT TO COMPLY WITH DATA PROTECTION LAWS 1 4. PERSONAL DATA PROTECTION SAFEGUARDS 3 5. ATMDBB EXCEPTIONS:

More information

AlixPartners, LLP. General Data Protection Statement

AlixPartners, LLP. General Data Protection Statement AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection

More information

Data Protection Policy June 2014

Data Protection Policy June 2014 Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:

More information

SICKNESS ABSENCE POLICY. Version:

SICKNESS ABSENCE POLICY. Version: SICKNESS ABSENCE POLICY Version: V4 Policy Author: Shajeda Ahmed Designation: Senior Human Resources Manager Responsible Director of Strategy and Business Support Director: EIA Assessed: 22 November 2012

More information

Comments and proposals on the Chapter IV of the General Data Protection Regulation

Comments and proposals on the Chapter IV of the General Data Protection Regulation Comments and proposals on the Chapter IV of the General Data Protection Regulation Ahead of the trialogue negotiations later this month, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Document Ref: DPA20100608-001 Version: 1.3 Classification: UNCLASSIFIED (IL 0) Status: ISSUED Prepared By: Ian Mason Effective From: 4 th January 2011 Contact: Governance Team ICT

More information

MANAGING ATTENDANCE POLICY

MANAGING ATTENDANCE POLICY 1 The Royal Liberty School Where boys are ambitious, where boys succeed MANAGING ATTENDANCE POLICY Reviewed by: Finance and Personnel Committee Review Date: June 2015 Next Review: June 2016 2 CONTENTS

More information

STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services

STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services Issue 1.0 (Effective 27 June 2012) This document contains a copy of the STFC policy statements outlining

More information

INTERNAL REGULATIONS OF THE BOARD OF DIRECTORS. Updated by decisions of the Board of Directors dated 16 January 2015

INTERNAL REGULATIONS OF THE BOARD OF DIRECTORS. Updated by decisions of the Board of Directors dated 16 January 2015 CERENIS THERAPEUTICS HOLDING Limited liability company with share capital of 679,078.10 Headquarters: 265, rue de la Découverte, 31670 Labège 481 637 718 RCS TOULOUSE INTERNAL REGULATIONS OF THE BOARD

More information

Managing sickness absence - policy and procedure

Managing sickness absence - policy and procedure Managing sickness absence - policy and procedure Absence Management, Issue 2, March 2008 Page 1 Contents 1. Introduction...3 2. Policy aim...3 3. General guidance...3 4. General responsibilities...4 4.1

More information

Witness Protection Act 1995 No 87

Witness Protection Act 1995 No 87 New South Wales Witness Protection Act 1995 No 87 Status information Currency of version Current version for 5 October 2012 to date (generated 10 October 2012 at 19:15). Legislation on the NSW legislation

More information

Information Governance Framework. June 2015

Information Governance Framework. June 2015 Information Governance Framework June 2015 Information Security Framework Janice McNay June 2015 1 Company Thirteen Group Lead Manager Janice McNay Date of Final Draft and Version Number June 2015 Review

More information

MAYFIELD SCHOOL. Author: Torbay Human Resources [April 2011] Renewed 9 th November 2015

MAYFIELD SCHOOL. Author: Torbay Human Resources [April 2011] Renewed 9 th November 2015 MAYFIELD SCHOOL Policy: TUPE Guidelines for Managers Author: Torbay Human Resources [April 2011] Governors Committee: Leadership Date adopted: 23 rd May 2011 Renewed 9 th November 2015 Next review: Autumn

More information

GUIDANCE NOTE DECISION-MAKING PROCESS

GUIDANCE NOTE DECISION-MAKING PROCESS GUIDANCE NOTE DECISION-MAKING PROCESS This document is intended as a general guide to the way in which the Jersey Financial Services Commission (the Commission ), normally approaches the exercise of its

More information

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:

More information

CROATIAN PARLIAMENT 1364

CROATIAN PARLIAMENT 1364 CROATIAN PARLIAMENT 1364 Pursuant to Article 88 of the Constitution of the Republic of Croatia, I hereby pass the DECISION PROMULGATING THE ACT ON PERSONAL DATA PROTECTION I hereby promulgate the Act on

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Rev No. 0 New Document 1 2 3 4 5 6 7 Revision Status Details of Amendments Name Date Update of College DPA statement New Reference to Appendix 4 Staff Guidelines ESF document retention

More information

ACT. [Long title substituted by s. 27 (1) of Act 33 of 2004.]

ACT. [Long title substituted by s. 27 (1) of Act 33 of 2004.] FINANCIAL INTELLIGENCE CENTRE ACT 38 OF 2001 [ASSENTED TO 28 NOVEMBER 2001] [DATE OF COMMENCEMENT: 1 FEBRUARY 2002] (Unless otherwise indicated) (English text signed by the President) as amended by Protection

More information

The Role and Function of a Data Protection Officer in the European Commission s Proposed General Data Protection Regulation. Initial Discussion Paper

The Role and Function of a Data Protection Officer in the European Commission s Proposed General Data Protection Regulation. Initial Discussion Paper The Role and Function of a Data Protection Officer in the European Commission s Proposed General Data Protection Regulation 1. Introduction Initial Discussion Paper The data protection officer ( DPO )

More information

GSK Public policy positions

GSK Public policy positions Safeguarding Personally Identifiable Information A Summary of GSK s Binding Corporate Rules The Issue The processing of Personally Identifiable Information (PII) 1 and Sensitive Personally Identifiable

More information

Employee Self-Service Training Manual

Employee Self-Service Training Manual Employee Self-Service Training Manual Introduction 1 Contents Introduction... 4 Purpose of the Training Manual... 4 Contacts... 4 Introduction to Oracle Self-Service... 5 How to Sign on to sun-e-hr...

More information

SICKNESS ABSENCE POLICY

SICKNESS ABSENCE POLICY chapter _v 1/10/2004 12:18 pm Page SICKNESS ABSENCE POLICY. SICKNESS ABSENCE POLICY.1 Introduction.2 Aims.3 Definition of Sickness Absence.4 Entitlements. Entitlement to Statutory Sick Pay (SSP).6 Notification

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages

More information