Observation on this thread
I would also agree that SAR is not the justification reason. There had to
be a reason to hold the data in the first place.
There are however many 'retention' obligations in existence ie Company
incorporation records, appointment of officers (personal data) as one
example. It does also however depends on how 'emails' are used as part of
records management. Emails content can form part of many contracts ie
between employer and employee or customer and financial services supplier
(whose products are information based).
If your organisation uses email and is subject to any such retention
obligations then appropriate tools to secure and retrieve the information
are required not because of DPA but because of the other obligations.
However as we know once any personal data is created or held in the email
management systems then DPA starts to bite.
Many Email archive and retreival tools do exist today ie see Cryoserver
products as one vendor example (with whom I have no connection other than
having seen a demo). Such product are in use in both public and private
sectors and it is unlikely they are purchased without a 'need'.
David Wyatt
----- Original Message -----
From: "Roland Perry" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Thursday, November 04, 2004 6:39 AM
Subject: Re: [data-protection] e-mail storage systems case law
> In message
> <[log in to unmask]>, at
> 18:49:28 on Wed, 3 Nov 2004, Talbot Richard <[log in to unmask]>
> writes
>>Her IT guys have started telling her that it is a legal requirement to
>>have
>>an e-mail storage and retention archive because of the DPA (it would keep
>>a
>>copy of every e-mail transaction for at least 5 years) We both believe
>>this
>>to be rubbish, but what does the floor think are there any case law or
>>legal
>>requirements for such a system.
>
> What is the business purpose for keeping the emails? I didn't think that
> the sole reason "so we can respond to SARs" was a suitable one.
>
> There may come a time when *Data Retention* law says you *have* to keep
> things - although not even the extremists are proposing the content of
> emails yet. DPA is being used as the main lobbying weapon as to why is
> is INappropriate !
> --
> Roland Perry
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|