Lewis, Chris G. on 23 June 2005 at 14:40 said:-
> >Is there such a thing as requiring consent to respond
> to a SAR?
>
> >Ian W
>
> Yes, in that the question was not whether they needed
> consent to respond at all, but whether they need consent from
> the third party to provide (in response to the SAR) the third
> party's emails disclosed in full and without the third
> party's name being redacted. To which the answer is yes,
> unless, as the "third party" is an employee, you can imply
> that an employee has impliedly consented to such disclosures
> as part of their job and employment.
For the disclosure but not the search then?
Simon Macaulay on 23 June 2005 at 14:47 said:-
> Hi ian,
> I would have thought a policy is necessary if you are about
> to search their accounts instead of them volunteering up the
> emails themselves. This would cover the employer against a
> breach of the Human rights Act where employees who 'expect' a
> right to privacy will claim a breach of HRA if they were
> never aware that their emails could be searched. That's my
> reading of the need for a policy.
So a right to privacy within employment exists.
Would the same type of policy enable management searches of e-mail for
business purposes?
What about automated searches?
>
> Also... surely consent is needed before disclosing the
> personal data of a third party where it is caught up in the
> area of information requested by the subject? I know there
> is no absolute directive to have consent before releasing
> data but no-one in their right minds is going to risk this
> scenario unless they want a posse of disgruntled third party
> employees serving law suits. Unless of course it's in
> extraordinary circumstances... or perhaps as your inferring
> Ian, someone who is an employee and therefore it's possible
> to consider it 'reasonable' to disclose their PD without
> consent? Simon.
No argument that redaction may be necessary, but I do not believe a policy
statement regarding searching e-mails is necessary for a SAR search to be
conducted.
Policy statements of that type seem to fulfil fairness requirements. If an
employer has neglected to have brought such a policy statement into
existence, they have/are being unfair to their employees as the legislative
need to conduct a search may still arise; but that could also be indicating
management may not themselves search the e-mails.
Ian W
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of
> Simon Macaulay
> Sent: 23 June 2005 14:47
> To: [log in to unmask]
> Subject: Re: Internal staff SAR
>
>
> Hi ian,
> I would have thought a policy is necessary if you are about
> to search their accounts instead of them volunteering up the
> emails themselves. This would cover the employer against a
> breach of the Human rights Act where employees who 'expect' a
> right to privacy will claim a breach of HRA if they were
> never aware that their emails could be searched. That's my
> reading of the need for a policy.
>
> Also... surely consent is needed before disclosing the
> personal data of a third party where it is caught up in the
> area of information requested by the subject? I know there
> is no absolute directive to have consent before releasing
> data but no-one in their right minds is going to risk this
> scenario unless they want a posse of disgruntled third party
> employees serving law suits. Unless of course it's in
> extraordinary circumstances... or perhaps as your inferring
> Ian, someone who is an employee and therefore it's possible
> to consider it 'reasonable' to disclose their PD without
> consent? Simon.
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to
> the list owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|