> If you allow personal use of e-mail and staff are informed to use> "Personal" in the subject line, you have no basis under 'Lawful Business
> Practice' to open these e-mails.
> You can however monitor traffic and if staff are sending large amounts of
> personal e-mails you can tackle that issue.
>
> Nic Drew
> DPO Cardiff & Vale NHS Trust
This is an interesting interpretation of the Regulation of Investigatory
Powers Act (RIP) 2000 and The Telecommunications (Lawful Business Practice)
Interception of Communications) Regulations 2000, albeit one that appears
to have no obvious basis in either document. The simple act of placing
"Personal" in the subject line does not prevent an employer from
intercepting and opening an e-mail, as the Regulations provide several
justifications for just such an interception:
- to prevent or detect crime,
- to *investigate or detect unauthorised use of telecommunication systems*
or,
- to secure, or as an inherent part of, effective system operation;
If you have an institutional e-mail acceptable use policy that permits
personal use, but lays down criteria within which such personal use may
take place e.g.
Users may not use institutional resources and facilities, to transmit:
- commercial material unrelated to the legitimate educational business of
the institution, including the transmission of bulk e-mail advertising
(spamming).
- bulk non-commercial e-mail unrelated to the legitimate educational
activities of the institution which is likely to cause offence or
inconvenience to those receiving it. This includes the use of e-mail
exploders (i.e. listservers) at the institution and elsewhere, where the
e-mail sent is unrelated to the stated purpose for which the relevant
e-mail exploder is to be used (spamming).
- unsolicited e-mail messages requesting other users, at the institution
or elsewhere, to continue forwarding such e-mail messages to others, where
those e-mail messages have no educational or informational purpose (chain
e-mails).
- e-mails which purport to come from a individual other than the user
actually sending the message, or with forged addresses (spoofing).
- material that is sexist, racist, homophobic, xenophobic, pornographic,
or similarly discriminatory and/or offensive.
- material that advocates or condones, directly or indirectly, criminal
activity, or which may otherwise damage the College's research, teaching,
and commercial activities, in the UK or abroad.
- text or images to which a third party holds an intellectual property
right, without the express written permission of the rightholder.
- material that is defamatory.
- material that could be used in order to breach computer security, or to
facilitate unauthorised entry into computer systems
- material that is likely to prejudice or seriously impede the course of
justice in UK criminal or civil proceedings.
and you have reason to believe that a staff member is engaged in such
activity, I can see no reason why the fact that they have placed "Personal"
in their subject line would render their e-mail communications exempt from
interception, if you have made it clear that they have no reasonable
expectation of privacy in their personal communications sent via an
institutional network.
Andrew Charlesworth
Senior Lecturer in IT Law
Director, Information Law and Technology Unit
University of Hull Law School
Cottingham Road, Hull, HU6 7RX
United Kingdom
Voice: +44 1482 466387 Fax: +44 1482 466388
E-Mail: [log in to unmask]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|