At 14:35 17/07/00 +0000, [log in to unmask] wrote:
>Can I comment to andrew's message
>
>I wasn't entering into the interpretation of S.1(6) or the scope of the RIP
>Bill. I was saying that when drafting Codes of Practice to copy e-mails sent
>to staff, that is surveillance of staff and that the issues raised in the
RIP
>Codes will be relevant.
>
>For example, one of the considerations with respect to directed surveillance
>is "do we need to undertake directed surveillance?" (i.e. is there another
>way of obtaining the data or proceeding which dioes not require
>surveillance?.
>
>I would suggest that an organisation would be well advised ask the question
>w.r.t. e-mail monitoring "Does this require the exercise of the right to
>control the operation of the system to intercept e-mail?". That whY I used
>the phrase "considerations arising from the
>draft (Preliminary) Codes of Practice"
Chris,
I'd fully agree with that, and apologies if that wasn't the impression I
gave. As a network administrator I can just about cope with the
implications of complying with the DPA. Through the development of the RIP
Bill my concern has been that it might add yet another layer of complexity
(possibly contradicting with the DPA) to the job!
My feelings on the use of any data for disciplinary action has always been
that acceptable and unacceptable use should be clearly explained in
guidelines which employees are fully aware of. It's particularly tricky
where the employer regards "learning about the Internet" as a valid
personal development activity. Without clear guidelines the boundary with
"unacceptable business use" is then almost impossible to draw and I'd feel
that any attempt to do so would be outside the DPA's definition of "fair use".
Andrew
--------------------------------------------------------------
Andrew Cormack
Head of CERT
UKERNA, Atlas Centre, Chilton, Didcot, Oxon. OX11 0QS
Phone: 01235 822 302 E-mail: [log in to unmask]
Fax: 01235 822 398
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|