JISCMail - DATA-PROTECTION Archives

It seems that the OIC broadly concurs with Alastair's view. I have (just this
moment) received advice from Peter Bloomfield on this matter, which states -

"There are several, possibly conflicting, issues raised here. Firstly,
employees have a right to privacy (under Section 7(4) of the Act) and personal
emails, for example, should not be looked at without good cause. Secondly,
those making a subject access request have a right of access to their data,
including emails between third parties about them. Also of relevance is Section
7(3) of the Act, which allows data controllers to get reasonable information
from data subjects to enable them to trace an individual's personal data.

Balancing these issues suggests that where a subject access request is received
and either the data subject indicates that, or the institution knows that, some
personal data might be held in emails, rather than trawling through the
personal data of many third parties (which is often technically difficult and
time-consuming) the data subject should be asked to narrow down the search
criteria to a level the institution considers reasonable: for example, emails
sent between specified individuals and perhaps even only those sent on or
around specific dates. The exact criteria depends on the size of system and
ease of searching for references to an individual. If the data controller is to
go any further than searching on email title (e.g. looking for references to
the subject within the text of the emails) then, if such a general search is
not technically easy to accomplish the detail the data subject provides to
inform any search must be very high.

Even given the above considerations, however, institutions should ensure that
employees and other email users are aware that the contents of their emails
might be disclosed in certain circumstances, even if they do not give their
consent"

Andrew Okey
Lancaster University

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
    www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^