The Spanish position again.
It seems like there is general confusion on the status of emails.
An important debate took place in 2003 regarding employers' access to employees' e-mails. A first case involved a Deutsche Bank employee who was dismissed for spending too much time sending private e-mails during working hours. The employer had obtained the list of private e-mails the employee had sent. That list had been obtained without any adequate authorization from a judge. The Deutsche Bank employee claimed that his employer intruded upon his privacy. The Superior Court of Justice of Catalunya held that electronic mail is the employer's tool that is lent to the employee from which the employee cannot expect any privacy. In other cases, however, the court has found in favor of the employee. In January 2003, the trade union Comisiones Obreras requested from the bank "La Caixa" that it withdraw from its internal rules a rule that allowed the bank to monitor its employees' e-mails to check whether they were working.
-----Original Message-----
From: This list is for those interested in Data Protection issues
To: [log in to unmask]
Sent: 16/01/2004 11:31
Subject: Re: [data-protection] Employee Emails
Davidwyatt on Friday, January 16, 2004 at 12:07 AM said:-
> If employers at the sending end do not
> own emails can they lawfully monitor emails content?
As I understand it, in those circumstances, only if they have just and
reasonable cause.
> From
> the Human Rights Act position what is definition of
> 'correspondence'?
The answer to that seems to depend on your viewpoint.
> Is the destination address part of
> 'correspondence content'?
The destination would appear to be important information to both the sender
and recipient, dependent on circumstances. Consider a commercial takeover,
some 'commercial confidentiality' would seem to apply there, especially if
little correspondence had passed between the organisations previously.
Would that not also apply to an individual's correspondence? E.g.
correspondence with a medical practitioner, or lawyer? Are inferences
drawn from the addresses people correspond with - much of the monitoring of
employee computer activity seems to relate to drawing inferences from
internet sites they visit, or e-mail they send.
An easy answer is to say no and leave any problems with the
organisations/individuals adversely affected. Some arguments exist where
taking that approach would actually improve confidentiality/privacy by
different self-protective approaches being taken - by those with the
requisite knowledge.
> In a letter that can be seen by
> all in the delivery chain?
In those circumstances commercial confidentiality does not exist, unless of
course the organisation uses a confidential means of correspondence or
internet anon-remailer, but then, without trustworthy digital signatures
legal validity could be questioned more so than normally. (Also see last
paragraph.)
> So many questions, so little clarity. How can a DPA
> professional get to understand all the issues, what is the
> cost of their training to data controllers?
Does the cost of training determine the level of confidentiality
organisations apply? If that is so the DPA professionals should be well
funded for training in those organisations which consider confidentiality
important in any way.
> Isn't clarity
> what the Commissioner is now saying he wants to improve in
> his R4 Today broadcast?
A narrow perspective on a single matter, applied across a varied community
would not add to clarity.
> Where's the endorsement of professional qualifications for
> compliance advisors? Is the OIC ensuring all their staff
> obtain a recognised DPA qualification?
Perhaps the IC can answer that.
We are all constantly on a learning curve. Life would be boring without it.
Ian W
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of davidwyatt
> Sent: Friday, January 16, 2004 12:07 AM
> To: [log in to unmask]
> Subject: Re: Employee Emails
>
>
> Ian
>
> Thanks for observation re vicarious liability?
>
> Summarised - If an employer successfully defends vicarious
> liability re email content can they then be considered owner
> of the email. Can an employer deny vicarious liability?
>
> I'm intrigued as to the question of who owns the email content
> (both sender and recipient ends need resolving). There do
> appear to be too many conflicting arguments which cannot be
> resolved at present. If employers at the sending end do not
> own emails can they lawfully monitor emails content? From
> the Human Rights Act position what is definition of
> 'correspondence'? Is the destination address part of
> 'correspondence content'? In a letter that can be seen by
> all in the delivery chain?
>
> So many questions, so little clarity. How can a DPA
> professional get to understand all the issues, what is the
> cost of their training to data controllers? Isn't clarity
> what the Commissioner is now saying he wants to improve in
> his R4 Today broadcast? Will we ever get there I wonder.
> Where's the endorsement of professional qualifications for
> compliance advisors? Is the OIC ensuring all their staff
> obtain a recognised DPA qualification?
>
> Questions Questions. If anyone has the answers on this list
> please share. I'm feeling intellectually challenged or is it just my age.
>
> David Wyatt
> .
> ----- Original Message -----
> From: "Ian Welton" <[log in to unmask]>
> To: <[log in to unmask]>
> Sent: Thursday, January 15, 2004 10:17 AM
> Subject: Re: [data-protection] Employee Emails
>
>
> > Davidwyatt on Thursday, January 15, 2004 at 12:58 AM said:-
> >
> > > 3: Employer has vicarious liability for activities of employees so
> > > has to have control.
> >
> > Point of interest - Where the employer documents a denied liability
> > (assuming compliance with unfair consumer terms), do they still
> > maintain control and hence are allowed access. Or would that
> > abrogation of responsibility also deny access for that particular
> > matter?
> >
> > Ian W
> >
> > > -----Original Message-----
> > > From: This list is for those interested in Data Protection issues
> > > [mailto:[log in to unmask]] On Behalf Of davidwyatt
> > > Sent: Thursday, January 15, 2004 12:58 AM
> > > To: [log in to unmask]
> > > Subject: Re: Employee Emails
> > >
> > >
> > > Some bullet point observations which may assist analysis.
> > >
> > > 1: Information compiled in the employer's time and on the employer's
> > > equipment belongs to the employer.
> > >
> > > 2: Issues could arise if employer policies permit employees to use
> > > their time and equipment for personal use.
> > >
> > > 3: Employer has vicarious liability for activities of employees so
> > > has to have control.
> > >
> > > 4: Employer investigatory processes ought to be consistently applied
> > > e.g. the triggers for any investigation should be documented and
> > > applied to all employees regardless of level.
> > >
> > > 5: The DPA use is Staff administration
> > >
> > > 6: First Principle compliance re notice should be considered at
> > > either recruitment or when individuals are granted access to email
> > > tools. If no notice then processing is arguably unlawful.
> > >
> > > 7: Processing condition likely to be legitimate interests (Sch2
> > > Item6) but to assess these the actual data items detail in context
> > > required.
> > >
> > > 8: Retention of email data should have a policy. It could be
> > > anything from a short designated period to the duration of the
> > > employer contract. Judgement has to be made but it should be
> > > consistent for all email users of the data controller employer.
> > >
> > > 9: Appropriate Security leads you to having controlled
> > > investigations. ie have you a designated and trained investigator
> > > who understands system weaknesses re integrity of email systems.
> > >
> > > 10: I'm advised by in-house lawyer that Employment contracts are
> > > Consumer contracts. Therefore the Unfair Terms in Consumer Contracts
> > > Act would apply. This grants powers to the Information Commissioner
> > > to challenge any unfair contract terms, ie those which would be in
> > > Breach of DPA principles, which an employer may wish to impose on
> > > employees. Hence the need to be consistent in the manner data
> > > relating to employees are treated.
> > >
> > > Anyone disagree with any of the above ?
> > >
> > > David Wyatt
> > >
> > >
> > > ----- Original Message -----
> > > From: "Joanna Diamantopoulos" <[log in to unmask]>
> > > To: <[log in to unmask]>
> > > Sent: Wednesday, January 14, 2004 5:20 PM
> > > Subject: [data-protection] Employee Emails
> > >
> > >
> > > > There is probably an easy answer to this one. If an employer suspects
> > > > an employee has misused the email system by sending items off that are
> > > > directly against internet and email policy that has been signed off by
> > > > the employee, can the employer have access to the sent item box to
> > > > determine whether there has been misuse and the extent of that misuse
> > > > and then use it
> > > > as evidence in disciplinary procedures? What is the dp standing on
> > > > this?
> > > >
> > > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > > > All archives of messages are stored permanently and are
> > > > available to the world wide web community at large at
> > > > http://www.jiscmail.ac.uk/lists/data-protection.html
> > > > If you wish to leave this list please send the command
> > > > leave data-protection to [log in to unmask]
> > > > All user commands can be found at : -
> > > > http://www.jiscmail.ac.uk/help/commandref.htm
> > > > (all commands go to [log in to unmask] not the
> list please)
> > > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > >
> > >
> >
>
>