The way I dealt with two similar situations was (having armed myself with
the "evidence" I already had in my possession) to call the person in first,
and say "we suspect you've been doing x,y,z, which is, as you know, against
company policy. Is there anything you want to tell us before we take a look
at the system records to check your sent items". In one case, they
"confessed" and were given a written warning; in the other, they had a
perfectly legitimate explanation; in neither case did we end up actually
needing to access the individual's sent items. I think the point I'm trying
to make is that if you apply the principles of the Monitoring at Work Code
of Practice, you should use all "organisational" methods first, before
relying on the "technical" evidence.
-----Original Message-----
From: davidwyatt [mailto:[log in to unmask]]
Sent: 15 January 2004 00:58
To: [log in to unmask]
Subject: Re: [data-protection] Employee Emails
Some bullet point observations which may assist analysis.
1: Information compiled in the employers time an on the employers equipment
belongs to the employer.
2: Issues could arise if employer policies permits employees to use their
time an equipment for personal use.
3: Employer has vicarious liability for activities of employees so has to
have control.
4: Employer inestigatory processes ought to be consistantly applied e.g. the
triggers for any investigation should be documented and applied to all
employees regardless of level.
5: The DPA use is Staff administration
6: First Principle compliance re notice should be considered at either
recruitment or when individuals are granted access to email tools. If no
notice then processing is arguably unlawful.
7: Processing condition likely to be legitimate interests (Sch2 Item6) but
to assess these the actual data items detail in context required..
8: Retention of email data should have a policy. It could be anything from a
short designated period to the duration of the employer contract. Judgement
has to be made but it should be consistent for all email users of the data
controller employer.
9: Appropriate Security leads you to having controlled investigations. ie
have you a designated and trained investigator who understands system
weaknesses re integrity of email systems.
10: Im advised by in-house lawyer that Employment contracts are Consumer
contracts. Therefore the Unfair Terms in Consumer Contracts Act would apply.
This grants powers to the Information Commissioner to challenge any unfair
contract terms, ie those which would be in Breach of DPA principles, which
an employer may wish to impose on employees. Hence the need to be consistent
in the manner data relating to employees are treated.
Anyone disagree with any of the above ?
David Wyatt
----- Original Message -----
From: "Joanna Diamantopoulos" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Wednesday, January 14, 2004 5:20 PM
Subject: [data-protection] Employee Emails
> There is probably a easy answer to this one. If an employer suspects an
> employee has misused the email system by sending items off that are
> directly against internet and email policy that has been signed off by the
> employee, can the employer have access to the sent item box to determine
> whether there has been misuse and the extent of that misuse and then use
it
> as evidence in disciplinary procedures? What is the dp standing on this?
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|