Some bullet point observations which may assist analysis.
1: Information compiled in the employers time an on the employers equipment
belongs to the employer.
2: Issues could arise if employer policies permits employees to use their
time an equipment for personal use.
3: Employer has vicarious liability for activities of employees so has to
have control.
4: Employer inestigatory processes ought to be consistantly applied e.g. the
triggers for any investigation should be documented and applied to all
employees regardless of level.
5: The DPA use is Staff administration
6: First Principle compliance re notice should be considered at either
recruitment or when individuals are granted access to email tools. If no
notice then processing is arguably unlawful.
7: Processing condition likely to be legitimate interests (Sch2 Item6) but
to assess these the actual data items detail in context required..
8: Retention of email data should have a policy. It could be anything from a
short designated period to the duration of the employer contract. Judgement
has to be made but it should be consistent for all email users of the data
controller employer.
9: Appropriate Security leads you to having controlled investigations. ie
have you a designated and trained investigator who understands system
weaknesses re integrity of email systems.
10: Im advised by in-house lawyer that Employment contracts are Consumer
contracts. Therefore the Unfair Terms in Consumer Contracts Act would apply.
This grants powers to the Information Commissioner to challenge any unfair
contract terms, ie those which would be in Breach of DPA principles, which
an employer may wish to impose on employees. Hence the need to be consistent
in the manner data relating to employees are treated.
Anyone disagree with any of the above ?
David Wyatt
----- Original Message -----
From: "Joanna Diamantopoulos" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Wednesday, January 14, 2004 5:20 PM
Subject: [data-protection] Employee Emails
> There is probably a easy answer to this one. If an employer suspects an
> employee has misused the email system by sending items off that are
> directly against internet and email policy that has been signed off by the
> employee, can the employer have access to the sent item box to determine
> whether there has been misuse and the extent of that misuse and then use
it
> as evidence in disciplinary procedures? What is the dp standing on this?
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|