If you allow personal use of e-mail and staff are informed to use "Personal"
in the subject line, you have no basis under 'Lawful Business Practice' to
open these e-mails.
You can however monitor traffic and if staff are sending large amounts of
personal e-mails you can tackle that issue.
Nic Drew
DPO Cardiff & Vale NHS Trust
-----Original Message-----
From: Tommy Kennedy [mailto:[log in to unmask]]
Sent: 20 February 2002 14:35
To: [log in to unmask]
Subject: email monitoring
Hi all
- a rather long winded question on email monitoring.
We are looking to strengthen our email monitoring.
So I've been reviewing our email policy (again) to reflect this.
And working with our legal team to make sure anything we do meets DP, RIPA,
HRA, etc.....
One sticky problem keeps coming up.
Personal use.
We currently allow reasonable personal use.
But the more I look at this the more difficult it becomes to justify.
My understanding:
We can monitor business email in terms of the Telecommunications (Lawful
Business Practice) (Interception of Communications) Regulations 2000.
But to monitor personal email we need to fall back on RIPA section 3.
i.e. both parties have consented.
So the options would be:
1. Ban personal use and monitor everything
2. Allow personal use and monitor only business use
3. Allow personal use, gain employee consent, and monitor everything
The second two options are possible but would present their own difficulties
and risks.
e.g. 2 leaves us open to abuse of personal email facilities.
and 3 doesn't address the issue of 3rd parties in personal email.
So option 1 is the easiest and safest.
I suppose the reason for this email is that this seems to me to be rather
unenlightened.
So before recommending it, I wondered what others were doing ?
Perhaps I have missed something ?
Or maybe most are already banning personal use ?
Or are happy to allow personal use unmonitored ?
Any offers gratefully received.
thanks
Tommy Kennedy
South Ayrshire Council
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|