Hi ian,
I would have thought a policy is necessary if you are about to search
their accounts instead of them volunteering up the emails themselves.
This would cover the employer against a breach of the Human rights Act
where employees who 'expect' a right to privacy will claim a breach of HRA
if they were never aware that their emails could be searched. That's my
reading of the need for a policy.
Also... surely consent is needed before disclosing the personal data of a
third party where it is caught up in the area of information requested by
the subject? I know there is no absolute directive to have consent before
releasing data but no-one in their right minds is going to risk this
scenario unless they want a posse of disgruntled third party employees
serving law suits. Unless of course it's in extraordinary
circumstances... or perhaps as your inferring Ian, someone who is an
employee and therefore it's possible to consider it 'reasonable' to
disclose their PD without consent?
Simon.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|