My earlier e-mails would seem to be broadly in line with the DTI's position (for which I'm rather relieved). To answer Tommy's point:
1) All e-mail sent by employees at work is covered by the regulations,
personal and private.
2) Employers are entitled to intercept *any* e-mail without consent to
investigate or detect unauthorised use of their telecoms systems, if they
comply with the requirements of the Act & Regs.
3) In order to comply with the Act and Regs, employees must be informed
(and reminded periodically) that such monitoring will take place, and that
they have no reasonable expectation of privacy in their personal
communications sent via the employers' network.
4) If you are going to discipline staff for unauthorised use, it is a good
idea to have a clear policy as to what constitutes "unauthorised use", and
to have a clear administrative procedure for determining whether it has
occurred, and the disciplinary consequences, in any given circumstance, and
to ensure that this applies equally to all staff.
5) It is also a good idea to have a monitoring policy which is publicised
to your employees, laying down:
- the criteria for monitoring i.e. "we scan emails for indications of
harassment or abuse";
- the administrative procedure that will occur when the scanning comes
across something suspect, i.e. "we will access the employee's mailbox and
intercept all further e-mails";
- the person or persons who may give permission on behalf of the employer
for scanning and any further measures to take place; i.e. "scanning of
e-mail may only take place with the authorisation of the Head of
Information Services";
- the person or persons who are authorised to actually carry out the
technical part of the monitoring, and the extent of their authorisation to
monitor;
- an oversight body within the employer, with the power to review the
decisions of those authorising monitoring, and the actions of those
carrying it out, on a periodic basis or, in certain circumstances, on
request by an employee.
--On 21 February 2002 12:56 +0000 Su Goulding <[log in to unmask]> wrote:
> The DTI response to consultation on the LBPs may also be of assistance.
> In particular paras 23-25 which say:
>
> "A number of businesses have indicated that they currently intercept
> communications in order to check for unauthorised use. Some businesses
> monitor internet use to check that employees are not accessing offensive
> material using the company's system. Some scan emails for indications of
> harassment or abuse.
>
> The final regulations, like the consultation draft, will authorise
> business to intercept communications without consent in order to
> investigate or detect unauthorised use of their telecoms systems. This
> will allow businesses to check that staff are not using their equipment
> for unauthorised purposes such as those described above.
>
> The sure way to make it clear what is or is not authorised use would be to
> circulate a notice to staff and/or to put notices on telephones and pcs
> explaining what use of the business's telecoms system was authorised, what
> use was unauthorised. Some uses, however, would be unauthorised even
> without a notice, such as anything illegal (e.g. down-loading child
> pornography) or in breach of an employee's duty (e.g. passing trade
> secrets to a competitor)."
>
> The full text is at
> www.dti.gov.uk/cii/regulatory/telecommsregulations/lawful_business_practice_response.shtml
> regards
> Su
>
> -----Original Message-----
> From: Tommy Kennedy [mailto:[log in to unmask]]
> Sent: Thursday, February 21, 2002 12:28 PM
> To: [log in to unmask]
> Subject: Re: email monitoring
>
>
> thanks for that Andrew.
>
> I think you may have helped get to the root of my confusion.
>
> My current understanding is that the Telecommunications (Lawful
> Business Practice)(Interception of Communications) Regulations 2000
> only covers business communications.
>
> So for a system that allowed personal use:
> Business emails would be covered by these regulations.
> But personal email would not.
>
> Is this interpretation incorrect?
> If yes perhaps this explains why I am seeing a problem where others don't.
>
> many thanks again.
> Tommy.
Andrew Charlesworth
Senior Lecturer in IT Law
Director, Information Law and Technology Unit
University of Hull Law School
Cottingham Road, Hull, HU6 7RX
United Kingdom
Voice: +44 1482 466387 Fax: +44 1482 466388
E-Mail: [log in to unmask]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^