I was posed a question today. One that has data protection implications
though is covered mostly under internal policies.
Background:
* An employee is on long term sick leave and is incapable of granting
any consent to anything because of the medical condition. No powers of
attorney exist. No-one is empowered to give personal consent on behalf of
that employee.
* The employee's company email account is locked against other
people's use as a matter of policy, and no "delegated powers" have been
granted by that employee to any other person. Perhaps a sin of omission,
perhaps on purpose.
* Corporate policies state that email may be MONITORED. They do NOT
state that a mailbox may be entered.
* Private use of corporate email is neither permitted nor prohibited.
It simply happens.
Problem:
The team within which the employee works wishes for access to the employee's
email box, and wishes to set up rules such that ALL emails that come in are
redirected to a nominated person. Policies are in place internally which
prohibit this in all cases except by authorisation of more than one senior
person, at least one of whom is not directly connected with that business
unit
In itself that request is reasonable, and would be totally reasonable if
personal use of the email account were not tacitly allowed. However the
personal use makes us consider that there are both moral and legal risks. A
situation MIGHT be as follows:
Begin awkward situation:
An incoming email in the newly entered mailbox reveals the employee to have
an unusual sexual predilection, and even declares undying love for that
employee. It is sent by another employee. Research into the email audit
trail by gossip hungry colleagues reveals a long term affair of a less than
conventional type and a gossip trail starts. Reputations are damaged.
End awkward situation
My question is about how much if any of this is affected by Data Protection
legislation. I have deliberately posed a personal and sexual situation here
as an example of the "worst" outcome that I can see. Alternative ones might
reveal things like dishonesty, alleged or real.
I must say CLEARLY that the putative situations in this email do not apply
to the situation we are considering, and that the employee on long term sick
leave may or may not be an exercise to illustrate a point internally
_____________________________________________________________
Tim Trent
Director of Database Marketing; Chief Privacy Officer EMEA
> Gartner
EMEA Marketing, Tamesis, The Glanty, Egham, Surrey, United Kingdom,
TW20 9AW
Switchboard +44 (0)1784 431 611, Direct Line +44 (0)1784 267 335, Mobile +44
(0)7710 126 618
Visit our home on the web: http://www.gartner.com
The opinions expressed in this message are my own, and may or may not
reflect those of my employer. They are expressed as a part of the
discussion on the JISCMail mailing list on data protection and for no other
purpose. They have no legal standing and are offered as part of informed
and informal discussion. They may NOT be attributed to Gartner in any way.
Any personal data provided is provided expressly for use of discussions on
the JISCMail Data Protection Discussion list. Under the UK Data Protection
Act 1998 I expressly forbid any individual or organisation to make
commercial use of my data published either on the email list or in the
archives of that or other lists whether this message appears or not. This
includes messages already published in the archives.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|