> How do I justify the monitoring of incoming emails? Is it necessary to
> monitor incoming emails, why?
There are a number of reasons to justify this, amongst which (not an
exhaustive list) are:
a) interception of kiddieporn, of which the mere presence on your hard disk
is a criminal offence;
b) interception of viruses;
c) interception of attachments, which are sometimes so big as to clog up the
email server or the line for hours;
d) detection of subscriptions to email lists, which are often forbidden for
good reason by policy.
It's my view from a data protection angle that anyone who sends an email via
the Internet is putting its contents and as much personal info as goes with
it (email address etc) in the public domain. So considering the sender as a
data subject, they can't really complain about their email being looked at
by other than the addressee. In fact it should be assumed. There follows the
old analogy: sending an unencrypted email is much the same as
a) going up to a complete stranger in the street
b) handing them a postcard with the words "Would you please deliver this?"
c) assuming they put it in a postbox
d) it gets photocopied in all the sorting offices it goes through.
On the other hand, I wouldn't assume that the average punter in the street
would think this way. They probably assume that an email is much the same as
a letter in a sealed envelope, entrusted to Royal Mail. That's why, from a
Data Protection Act point of view, I have always fought shy of soliciting
email from customers via a website. If this is done, I think as a minimum
there should be a warning that the mail is not secure. And a better solution
would be to have a secure form on the website, avoiding email altogether.
--
Tim Wright
IT Security Manager
Fuji Bank, London