It's interesting that the ICO cannot seem to be consistent in their advice. What you were told Tony, is almost the opposite of what they told me when I spoke to them last week (apart from that every case has to be taken on its own merit).
I was advised that a SAR for email would only entitle an individual to be given the content that contains their personal information, but importantly not the context of who the emails were between. The exception to this obviously being when they could work this out for themselves by limiting their request to content in emails to or from certain individuals only. I was also reminded of the need to redact any content that refers to other individuals (sender/recipient, etc.) unless we have their consent.
In fairness, this approach sounds sensible to me, but at the moment, I can't think of any way of achieving this without an incredible amount of manual effort. Anyone have any recommendations/advice?
Regards
Richard J. Thorne, FBCS, CITP, CDCM, RITTech
Rheolwr Gwasanaethau Cyfrifiadurol / Computer Services Manager
Coleg Gŵyr Abertawe / Gower College Swansea
Â
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Tony Sheppard
Sent: 06 June 2019 11:10
To: [log in to unmask]
Subject: Re: [data-protection] SAR Former employee emails
I raised this with ICO helpline again yesterday and, not surprisingly, they repeated that every case had to be taken on its own merit ... but that even if data was provided, the document (e.g. the email) has context that might be deemed required, e.g. it is not just what was in the email but who was involved and the time/date.
At that point ... you just say ... heck, that means we share the email!
This is one reason I am trying to get folk to understand that emails should not be used for records, make sure you record things in the right place and then get rid of what you don't need!
Tony Sheppard
-----Original Message-----
From: This list is for those interested in Data Protection issues <[log in to unmask]> On Behalf Of Palmer-Dunk, Dan
Sent: 06 June 2019 10:32
To: [log in to unmask]
Subject: Re: [data-protection] SAR Former employee emails
I think you're right to take that approach - as Phil has stressed elsewhere, A15 entitles access to data, not documents. You cannot provide access to the entire archive without risking adversely affecting the rights and freedoms of others (A15(4)).
Dan
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Liam Wilkinson
Sent: 06 June 2019 10:27
To: [log in to unmask]
Subject: [data-protection] SAR Former employee emails
Hi all,
Just looking for a sense check here. We have received a request from the union representative of a former employee for emails from the former employee's work email account. It reads:
"we request that steps are put in place to archive the content so that it can be supplied to XXX and [their] representatives to enable the search and retrieval of pertinent emails".
The former employee's email account is suspended, not closed. My thinking is that the request for the entire email archive is excessive and the archive will, of course, contain other people's personal data. I would suggest that we ask the requester to be more specific about the data required (email content/emails within a certain time frame etc) and then we can provide a specified selection of emails, redacted where required.
Any suggestions/comments would be much appreciated. SARs are few and far between here!
Thanks,
Liam
YSJU
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
________________________________________________________________________
The information in this email (and any attachment) may be for the intended recipient only. If you know you are not the intended recipient, please do not use or disclose the information in any way and please delete this email (and any attachment) from your system.
The Council does not accept service of legal documents by e-mail.
________________________________________________________________________
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Ymwadiad - Mae'r e-bost hwn wedi'i fwriadu ar gyfer y derbynnydd(derbynyddion) yn unig. Os ydych wedi derbyn yr e-bost ar gam, dylech ddileu pob copi ohono ac unrhyw atodiadau, a thrin y cynnwys fel cynnwys cyfrinachol. Ymddiheurwn am unrhyw anghyfleustra y gall hyn ei achosi. Mae'r barnau a safbwyntiau a fynegir yn y neges e-bost hon yn rhai'r awdur ac ni ddylid cymryd eu bod yn rhai'r coleg. Mae'r e-bost hwn wedi cael ei wirio gan feddalwedd gwrthfeirysau. Nid yw'r coleg yn cymryd unrhyw gyfrifoldeb am unrhyw niwed sy'n gysylltiedig â derbyn yr e-bost hwn, sut bynnag y'i hachosir.
Disclaimer - This email is intended for the addressee(s) only. If however you have received this email in error, please delete all copies of it and any attachments, and treat the contents as confidential. We apologise for any inconvenience this may cause. The views and opinions expressed in this email message are those of the author and must not be assumed to be those of the college. This email has been checked by anti-virus software. The college accepts no liability for any damages related to receipt of this email, howsoever caused.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|