You might like to look at the BSI supplement to the "Guide to the Practical
Implementation of the Data Protection Act "PD0012:2 - 2000 (supplement not
authored by me)
Alasdair Warwood
----- Original Message -----
From: Chinery, Colin (Finance, IT - Solihull MBC) <[log in to unmask]>
To: <[log in to unmask]>
Sent: Thursday, March 08, 2001 2:36 PM
Subject: Quis custodiet ipsos custodes? (Who monitors the monitors?)
> As Solihull MBC we have published an Acceptable Use Policy for Email and
are
> obtaining all users signatures that they agree to abide by it.
>
> We allow reasonable personal use -
>
> "The Council e-mail facilities are provided primarily for business
> use. However a limited, reasonable amount of personal, private use will be
> allowed: this personal use should be in your own time where possible, but
> occasional, reasonable use in work-time is permitted. Personal use should
> be restricted to short messages, and you must not include attachments to
> personal e-mail circulated within the Council."
>
> and in the next paragraph have included the warning that -
>
> "E-mail monitoring
> All e-mail (including personal e-mail) is logged, and the Council
> reserves the right to inspect the contents of any e-mails you send or
> receive. You should be aware that deleted e-mails can also be retrieved.
> The Council will not inspect individual e-mails unless
there
> is a reasonable suspicion that this or any other Council policy has been
> breached. Guidance and authorisation for any such inspection should be
> sought from an appropriate senior manager.
> There may be occasions when you are off work for an
> unexpected period, and it may be necessary for your manager to be given
> access to your mailbox.
> The Council may also use the log files to analyse overall
> traffic and usage."
>
> I have said that we should have a log of any monitoring runs and that no
run
> should be carried out without a written request for the operation that is
> authorised by a senior manager.
>
> I wonder if any of you have produced a supplementary policy relating to
the
> proper use of such monitoring.
>
> I was thinking that anyone receiving the data should sign an undertaking
not
> to use it for any other purpose and should agree to destroy any files
> produced as soon as they are no longer required. (Avoiding the "I'll keep
> this just in case" problem).
>
> (Replies in English please!)
>
>
>
>
> Colin Chinery
> Data Protection & IT Training Officer
> IT Services Division
> Tel: 0121 704 6251 Fax: 0121 704 8034
> [log in to unmask]
>
>
>
> DISCLAIMER:
> 'This e-mail and files transmitted with it are confidential and intended
solely for the use of the individual to whom it is addressed. If you are not
the intended recipient please notify the sender immediately and delete the
message. Any views or opinions presented are solely those of the author and
do not necessarily represent those of Solihull Council unless explicitly
stated otherwise. Solihull Council may monitor the contents of e-mail sent
and received via its network for the purposes of ensuring compliance with
its policies and procedures.'
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> all commands go to [log in to unmask] not the list please!
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|