Hi all
- a rather long winded question on email monitoring.
We are looking to strengthen our email monitoring.
So I've been reviewing our email policy (again) to reflect this.
And working with our legal team to make sure anything we do meets DP, RIPA, HRA, etc.....
One sticky problem keeps coming up.
Personal use.
We currently allow reasonable personal use.
But the more I look at this the more difficult it becomes to justify.
My understanding:
We can monitor business email in terms of the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000.
But to monitor personal email we need to fall back on RIPA section 3.
i.e. both parties have consented.
So the options would be:
1. Ban personal use and monitor everything
2. Allow personal use and monitor only business use
3. Allow personal use, gain employee consent, and monitor everything
The second two options are possible but would present their own difficulties and risks.
e.g. 2 leaves us open to abuse of personal email facilities.
and 3 doesn't address the issue of 3rd parties in personal email.
So option 1 is the easiest and safest.
I suppose the reason for this email is that this seems to me to be rather unenlightened.
So before recommending it, I wondered what others were doing ?
Perhaps I have missed something ?
Or maybe most are already banning personal use ?
Or are happy to allow personal use unmonitored ?
Any offers gratefully received.
thanks
Tommy Kennedy
South Ayrshire Council
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|