Moira
OK but isn't it fairly clear in most organisations that systems such as
email, internet, snail mail, internal mail are there for primarily business
purposes? Email/fax are not secure therefore staff are unwise to transmit
"sensitive" personal information by these means, for example.
If by private you mean non-work related mail then this is a risk that staff
take if they receive/send non work related mail at/from the work address.
Monitoring is a sensitive issue but if policies make it clear to staff how
the monitoring operates and who is authorised to implement the policy then
there should be few risks.
Unauthorised opening of mail of any sort and listening in on telephone
conversations is a serious offence. One can imagine this can happen. For
example IT can access email; internal mail, faxes and incoming and outgoing
mail are not secure and, potentially, anyone could take a look.
I'm not sure what scenario you have in mind so it is difficult to offer more
than practical thoughts.
"intrusion justified by benefit to the business" seems to be an odd phrase
to use. Smacks of covert surveillance. I'm sure most organisations don't
have this in mind when they frame and disseminate policies intended to
reduce the amount of abuse of business systems.
Gil
Gil Richardson
Senior Information Manager
RCGP
email: [log in to unmask]
Website: www.rcgp.org.uk
Tel: 020 7581 3232 ext 231
Fax: 020 7584 1992
"Promoting Excellence in Family Medicine"
This email is confidential. It may not be disclosed to, or used by, anyone
other than the addressee. If you receive this message in error, please
advise the sender immediately.
-----Original Message-----
From: Forbes, Moira [mailto:[log in to unmask]]
Sent: 19 September 2002 13:59
To: Gil Richardson; [log in to unmask]
Subject: RE: Privacy or Corporate Rights?
Thanks for comments received.
However my point perhaps was not clear enough.
(We do have an email policy so I'm not looking for one.)
Perhaps I was wrong to generalise "all communications".
There is a thread of thought which I believe could lead to abuse of
monitoring. ie An employer could open any mail - paper, email, listen into
any conversation simply by saying they believe an abuse of policy/illegal
activity may be happening. This hadn't been the original intention in our
policy, BUT I can think of some people (in a number of organisations) who
will open letters marked Private -personal -sensitive etc by citing this
"justification" as an "intrusion justified by benefit to the business"
The Code of Pratcice states:
. "Only check e-mail accounts, and use personal information contained in
them, for other purposes if there is reason to believe the intrusion is
justified by the benefit to the business. Only in exceptional circumstances
should e-mails that are clearly personal and may also be private be opened,
for example if the worker is suspected of criminal activity."
So what criteria is there for determining "intrusion justified by benefit to
the business"
The situation I describe certainly will not increase trust in the workplace
or transparency regarding information held on workers.
Moira
-----Original Message-----
From: Gil Richardson [mailto:[log in to unmask]]
Sent: 19 September 2002 12:27
To: [log in to unmask]
Subject: Re: Privacy or Corporate Rights?
Moira
A good starting point may be the BSI DISC PD 0012:2 - 2000: Data Protection
- Guide to Developing an Email Policy.
A lot of the issues are discussed and a sample email policy statement
provided, which can be adapted to suit local circumstances.
Gil
Gil Richardson
Senior Information Manager
RCGP
email: [log in to unmask]
Website: www.rcgp.org.uk
Tel: 020 7581 3232 ext 231
Fax: 020 7584 1992
"Promoting Excellence in Family Medicine"
This email is confidential. It may not be disclosed to, or used by, anyone
other than the addressee. If you receive this message in error, please
advise the sender immediately.
-----Original Message-----
From: Moira Forbes [mailto:[log in to unmask]]
Sent: 19 September 2002 11:47
To: [log in to unmask]
Subject: Privacy or Corporate Rights?
I am confused and would appreciate any views / thoughts on the following.
Should an employee expect any level of privacy in their working environment?
Partly I beleive Yes, that employers should only monitor "traffic" of
emails/telephone calls etc ,opening them only if they have reason to
suspect illegal activity or abuse of policy.
However I am also looking at it from the employers business perspective.
Should an employer not expect a right to open any communication including
letters marked "private/personal or confidential", my reasoning being they
could contain tenders or other important business information. They may
even contain confidential secrets which an employee is releasing to a third
party but attempting to hide the fact by classifying the item personal/
private etc.
Which argument stands?
Moira
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
----------------------------------------------------------------------------
Disclaimer:
This message is intended only for use of the addressee. If this message
was sent to you in error, please notify the sender and delete this message.
Glasgow City Council cannot accept responsibility for viruses, so please
scan attachments. Views expressed in this message do not necessarily reflect
those of the Council who will not necessarily be bound by its contents.
----------------------------------------------------------------------------
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|