A new part of the Employment Practices Data Protection Code was published this week, the second in a series of four Codes of Practice from the Office of the Information Commissioner. It explains the procedures for storing personal data about employees and job applicants and the rights of employees wanting access to these records. The Code is based on the Data Protection Act of 1998 and should be followed by every employer. The 1998 legislation places responsibilities on any organisation to process personal data that it holds in a fair and proper way. Failure to do so can amount to a criminal offence. The effect of the Act on how a business processes its information on workers can be difficult to understand in some areas, which is why the Code was published -- to state what an employer needs to check and what action needs to be taken. Although the Code contains guidance and is not legally binding, it contains the benchmarks that the Commissioner will use when deciding whether or not to enforce the Act. Consequently, organisations would be well advised to consider its contents very carefully. The three other parts of the Employment Practices Data Protection Code cover recruitment and selection, monitoring at work and medical information. The new Part 2 of the Code is available as a 101-page Rich Text Format download from this page of the Office of the Information Commissioner's Web site.