Emma,
I thought about this question from a professional ethics point of view
(not a DPA one!) a few years ago (pre-RIPA) when I wrote a suggested
"Charter for System Administrators". There I took the view that any
"collateral" information about activities or people other than the
target of the immediate investigation must be passed up to management
for them to decide whether a further investigation was appropriate.
I'd be interested to hear whether this community feels that advice (and
the rest of the Charter) is still appropriate in the light of more
recent advice on DP issues? Also, the charter was written from the
perspective of a university sysadmin so I'd be very interested to know
whether it would also work in other sectors. The old version of the
Charter is at
http://www.ja.net/development/legislation/sysadmin-charter.html
Any comments or suggestions would be very welcome.
Cheers
Andrew
--------------------
Andrew Cormack
Chief Security Advisor
UKERNA, Atlas Centre, Chilton, Didcot, Ox11 0QS, UK
Phone: +44 (0)1235 822302
Fax: +44 (0)1235 822399
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of
> Emma Bothamley
> Sent: Wednesday 13 July 2005 15:29
> To: [log in to unmask]
> Subject: Covert monitoring - 'other information'
>
>
> A question about covert monitoring and 'other information'
> that might be
> found while conducting covert monitoring.
>
> Under section 3.4.5 of the Employment Code of Practice it says that we
> should:
> " . . . Disregard and, where feasible, delete other information
> collected in the course of monitoring unless it reveals
> that no employer
> could reasonably be expected to ignore".
>
> In the Supplementary Guidance it states,
> "Information about workers who are not the target of the
> investigation
> should be deleted as soon as practicable. The type of
> activities that
> an employer could not reasonably be expected to ignore
> might include
> criminal activity, gross misconduct or practices that
> jeopardise the
> safety of others".
>
> My question is, what if information about workers who are not
> the target of
> the investigation reveals that they are also involved in some equally
> devious but separate criminal activity. Should we delete
> that information
> and pretend we didn't see it or could we legitimately use the
> information
> if it revealed something seriously underhand was occurring?
>
> My view is that if the information does reveal something seriously
> underhand, I feel we should be able to act upon it. A
> colleague of mine
> has challenged my view and argues that section 3.4.5 should
> only relate to
> 'other information' about the individual who was the original
> focus of the
> monitoring to avoid 'fishing' allegations. Information about other
> individuals should be disregarded as they weren't the
> original focus of the
> covert monitoring.
>
> Looking at the wording of the Code of Practice, I guess this could be
> argued either way. I'm interested in other people's views on
> this so I can
> attempt to set some best practice guidelines for the business.
>
> Many thanks in advance,
> Emma
>
>
> Emma Bothamley
> Data Protection Consultant
>
> 01733 471226
>
>
> Pearl Group Ltd No.05282342 and Pearl Group Services Ltd No.
> 3725038. The following companies are subsidiary companies of
> Pearl Group Ltd and are authorised and regulated by the
> Financial Services Authority: Pearl Assurance plc No. 1419,
> Pearl Assurance (Unit Funds) Ltd No. 1027138, Pearl Assurance
> (Unit Linked Pensions) Ltd No. 1122485, Pearl ISA Ltd No.
> 3597973, London Life Ltd No. 1179800, London Life Linked
> Assurances Ltd No. 1396188, NPI Ltd No. 3725037, National
> Provident Life Ltd No. 3641947, UKLS Financial Services Ltd
> No. 3715118. All companies are registered in England at The
> Pearl Centre, Lynch Wood, Peterborough PE2 6FY. Tel. 01733
> 470470. We may record or monitor telephone calls to improve
> service and for our mutual protection.
>
> The information in this e-mail is confidential and may be
> legally privileged. It is intended solely for the addressee
> and access to this e-mail by anyone else is unauthorised.
> Although this message and any attachments are believed to be
> free of any virus or other defect that might affect any
> computer system into which it is received and opened, it is
> the responsibility of the recipient to ensure that it is
> virus free and no responsibility is accepted by any of the
> companies of Pearl Group Limited for any loss or damage in
> any way arising from its use.
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to
> the list owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|