Dear Bill
I think I will keep my emails free from body tissue if you don't mind !
Seriously though, emails do not contain body tissue (to my knowledge) and
we are not Alder Hey Hospital (I'm reasonably sure of that one). Using
your logic you could substitute snuff movies for body tissue and a dodgy
snuff movie company for Alder Hey Hospital and then you've really got
problems.
Pour me a gin someone and make it a large one....
colette
Bill Smith
<[log in to unmask] To: "[log in to unmask]"
hy.nhs.uk> <[log in to unmask]>
cc:
26/07/2002 13:13 Subject: RE: [data-protection] SARs and email
Archives
Dear Colette
No one said complying with the DPA would be straightforward. Substitute
"body tissue" for "data" in your email and think Alder Hey or Bristol.
Awareness training, as well as technical solutions, is the biggest issue
for
us.
Regards
Bill
-----Original Message-----
From: Colette Healiss [mailto:[log in to unmask]]
Sent: 26 July 2002 09:41
To: [log in to unmask]
Subject: [data-protection] SARs and email Archives
Dear All
Have just been reading through this thread about the difficulties of
identifying relevant emails for an SAR in a large organisation.
Doesn't this issue just boil down to a balance of risk? With the best
will in the world large organisations are not going to be able to keep
track of all the email data staff store on their hard drives or cds and
floppy disks, nor guarantee to be able to find relevant data stored this
way for every SAR. In any case email data cannot really be classed the
same as data on other media given the legal privacy rights now attaching
to individual's email boxes. I agree with the contributor who felt that
the general trawl could be considered disproportionate effort in terms of
the Act.
However I don't think we should concern ourselves too much about this area
unless a Data Subject evidently knows about the existence of relevant email
data and is indicating the location of emails in which they are interested
or are challenging the use of email for transmission of particular data.
Surely most of the important stuff sent this way is also stored elsewhere
and can be obtained via a different route.
My feeling is that an organisation must do what is practicable to keep its
treatment of email data reasonably on a par with other data in terms of
raising staff awareness about DP issues surrounding email data and their
individual responsibilities in relation to the law. If we are expected to
do more I would like to see someone come up with a realistic way in which
we can meet the conflicting demands of DPA section 7 and the relevant bits
of HRA (or whichever piece of legislation it is covering privacy -
apologies for ignorance)
Thank god its friday
Colette Healiss
St Helens
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|