Dave Wyatt on 10 November 2001 at 01:16 said:-

> the employee the right to choose, if exonerated, the
removal of all records
> relating to the investigation and result

I disagree.  If an employee is exonerated no entry
should be made on the employees record of that
investigation at all.  The employee should not have to
choose if the information should be destroyed. Any
stance other than an automatic disposal of
unsubstantiated allegations would cause significant
problems, and malicious allegations will result in 'the
mud sticking'.  Any malice would then always serve its
purpose.

If the 'not guilty' results of a criminal court were
stored forever by the police a similar circumstance
would arise.  Where those not guilty verdicts are
stored, difficulties are experienced by the individuals
concerned.

Ian W


-----Original Message-----
From: This list is for those interested in Data
Protection issues
[mailto:[log in to unmask]]On Behalf Of
Dave Wyatt
Sent: 10 November 2001 01:16
To: [log in to unmask]
Subject: Re: E-mail monitoring & records of
investigation


My view for information / debate.

> Should the employee be made aware of the
investigation and at what stage -
before/after/during?

Before via notices at time of recruitment. The purpose
of the processing
appears to be Staff administration?

Notice of such a purpose should have been given at
recruitment possible as
part of a staff handbook on company policies explaining
in more detail what
staff administration entails. Under 84 Act such notice
given it was an
obvious purpose did not require notification. Under 98
the text of the
legislation states all purposes should be notified.

> Should a record of the investigation be retained on
the Personnel file if
the employee is exonerated?

Is the record excessive to the purpose of staff
administration (Principle
5). Debateable. Many personnel records have differing
useful time span but
the purpose of 'staff administration' is generic and
appears to allow
retention for the duration of an employees contract.
There could be an
argument of 4th principle 'data where necessary should
be kept up to date'
to support erasure. This principle has no cross
reference to the purposes of
processing. Principle 1 fairness also has no reference
to purposes simply
the processing of the data itself. As the data created
for the personnel
file is in fact new dynamic data (that created from
other data and
facts)then it is technically arguable Sch 1 Part 2
section 3d comes into
play and as such the data controller should revisit
fairness and notify the
employee they have created and are holding such new
data. There appears no
exemption to this in this context.

In practice there appears little justification to
retain after the
investigation is complete. The best way of protecting
the employee if
exonorated (and presumably preserve employee relations)
is to remove the
record. To leave it despite the result signifies
employee was under
suspicion? (Mud sticks). The result also appears to
signify a potential
failure in the trigger mechanisim for the
investigations which themselves
should be reviewed and refined as appropriate. If
started via a tip off was
done in a malicious manner. If I was the employee I
would wish to have the
record erased and argue my right of erasure (as soon as
I discover it is
there via fair processing notice.

> Does it then form part of the disclosable file?

Yes. The right of access remains.

> Can any retention of the data be justified and what
might be a reasonable
retention period?

As this principle 5 is associated with the purpose of
processing it is
arguable that all records held for staff admin purposes
can be retained for
the lifetime of the employees contract of employment
given the purpose is
defined generically. Clearly the data itself can be
damaging despite the
exoneration result and employees can ask to have it
removed via their right
to erasure via section 10, but they can be forced to
court for this. (Not
good employee relations practice). This principle is
not particularly useful
in this context given the generic definitions of the
purposes of processing.

As ever the technical interpretation of the Act only
signifies what is
possible should someone choose to fight for their
rights. No one generally
fells comfortable to find they were suspected of any
wrongdoing but most
allso may accept the need to monitor if clearly
informed of procedures and
safety controls. The real issue is what is good
employee relations practice.
The Act does not prevent such investigations and if
proper security
processes are in place informing any individual in
advance of the potential
investigations should not prevent investigation
proceeding under staff
administration purpose. The actions which will occur
dependent on result
should also be advised up front and offer the employee
the right to choose,
if exonerated, the removal of all records relating to
the investigation and
result. In this manner employer / employee relations
should be maintained.
Unfortunately from various articles seen and seminars
attended it appears
too many employers take a too high moral stance on data
capture about
employees with little justification.


Hope this view assists. Again as ever Im keen to hear
any other views.


David Wyatt



> -----Original Message-----
> From: This list is for those interested in Data
Protection issues
> [mailto:[log in to unmask]]On Behalf Of
Su Goulding
> Sent: 09 November 2001 17:18
> To: [log in to unmask]
> Subject: E-mail monitoring & records of investigation
>
>
> Hypothetical (but possible) scenario - An employee,
in a firm
> with published
> policies on acceptable use of e-mail, is suspected of
breaching
> the policy.
> Let's say they are suspected of distributing
unsuitable material.
>  A covert
> investigation is launched in line with agreed
procedures, appropriately
> authorised by management, for a specified purpose and
a pre-determined
> length of time.  Facts are gathered, with the result
that the employee is
> exonerated.
>
> - Should the employee be made aware of the
investigation and at
> what stage -
> before/after/during?
> - Should a record of the investigation be retained on
the
> Personnel file if
> the employee is exonerated?
> - Does it then form part of the disclosable file?
> - Can any retention of the data be justified and what
might be a
> reasonable
> retention period?
>
> There are a number of possible pitfalls throughout.
Not least is
> the damage
> to the employer/employee relationship and any
potential claim for
> damage/distress as a result (what if the employee
thought  - rightly or
> wrongly - that they had been denied promotion as a
result of the
> investigation?).  However, the employer might find
the data beneficial if
> the employee was later found to be breaching policy
in the same way on a
> different occasion.
>
> The fundamental issue might lie with the wording of
the policy/procedures
> and sweeping assumptions that these are entirely
legal and reasonable have
> been made throughout.
> No views advocated, no agenda represented.
> Have a good weekend, all.
>
> Su Goulding
> Data Protection Analyst
> tel: 020 7330 3491
> mobile: 07767 674376
> [log in to unmask]
>
>
>
>
========================================================
==============
>
> This email is confidential and may also be
privileged.  If you
> are not the intended recipient please notify us
immediately by
> telephoning +44 (20) 7330 3000 and requesting the IT
Helpdesk.
> You should not copy it or use it for any purpose nor
disclose its
> contents to any other person.
>
> Allen & Overy
> One New Change
> London
> EC4M 9QQ
>
> Tel:+44 (20) 7330 3000
> Fax: +44 (20) 7330 9999
> General Email: [log in to unmask]
> www: http://www.allenovery.com
>
> Allen & Overy is a solicitors' partnership.  A list
of the names
> of partners and their professional qualifications is
open to
> inspection at the above office.  The partners are
either
> solicitors or registered foreign lawyers.
>
>
========================================================
==============
>
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^
>     If you wish to leave this list please send the
command
>        leave data-protection to
[log in to unmask]
>             All user commands can be found at : -
>     www.jiscmail.ac.uk/user-manual/summary-user-
commands.htm
> all commands go to [log in to unmask] not the
list please!
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^
    If you wish to leave this list please send the
command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
    www.jiscmail.ac.uk/user-manual/summary-user-
commands.htm
all commands go to [log in to unmask] not the list
please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
    www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^