In a message dated 30/07/2002 09:24:32 GMT Daylight Time,
[log in to unmask] writes:

<< Reading through the thread on this subject, is it then acceptable to
 formulate an organisations (In deference to Charles earlier comment this
 includes systems and people) e-mail I.T. strategy to make it difficult to
 find personal data contained within emails, when a subject access request is
 received; as opposed to formulating a strategy which supports and enables
 such requests?  Looking at Google groups and similar e-mail/newsgroup
 archives, the technology certainly already exists (Although I do consider
 that material is retained excessively).

 Would such a stance also apply to other parts of the I.T. strategy, and
 would the OIC then apply similar advice?

 How does an organisation following a strategy of that (non-compliant) type
 justify that it is abiding (or trying to abide) by the legislation? >>
---------
Very provocative.  Surely the OIC wouldn't take such a line :-o.  Say for
example our children's fingerprints were being taken without our (parentel)
consent for a trivial thing like unreturned library books, I reckon the OIC
would jump on the data controllers and make them comply ;-)

In terms of SARs and e-mails, I think the relevant part of the advice from
Peter Bloomfield is "The exact criteria depends on the size of system and
ease of searching for references to an individual."  Most systems are well
capable of searching for specific content and will pick up the gratuitous use
of the word "breasts" and some systems can parse text and pick out any
references to Scunthorpe and Essex.

(I wonder how many of you will not get this e-mail, tee hee!!)

One data controller I know of has the word "confidential" in their banned
words list (it is, isn' tit Dave?) and has several thousand e-mails to look
at before they can be released.

What it proves is that if you can search on specific keywords, the search
criteria could be someone's name like Dick Cheney.  The ease of searching the
e-mail system depends on whether you can search at all.  As most employers
monitor e-mail content for compliance with corporate policy, searching for
e-mails containing the words "Ian Buckland" should not be a problem.

What could prove problematic is searching for references to "that awkward
git" as the e-mails could be about someone else, not me.


Ian Buckland
Managing Director
Keep IT Legal Ltd

Please Note: The information contained in this document does not replace or
negate the need for proper legal advice and/or representation. It is
essential that you do not rely upon any advice given without contacting your
solicitor.  If you need further explanation of any points raised please
contact Keep I.T. Legal Ltd at the address below:

55 Curbar Curve
Inkersall, Chesterfield
Derbyshire  S43 3HP
(Reg 3822335)
Tel: 01246 473999
Fax: 01246 470742
E-mail: [log in to unmask]
Website: www.keepitlegal.co.uk

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
    www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^