JISCMail - DATA-PROTECTION Archives

Firstly, your Internet, email usage policy needs to explain the need for
searches to be carried out within their email accounts for such requests,
and more importantly the coming of FOI. (possibly monitoring of overuse of
internet, emailing in works time if your feel the need)

You must explain the fact that their email accounts belong to the
organisation but recognising HR and a certain amount of privacy is
expected, tell them to make their own 'personal' folder which will only be
searched in serious circumstances (crime, harrasment, defaming of company,
porn  etc)

Having all that behind you combined with some DP and FOI staff training
explaining procedures, you are now armed and confident to kick ass and face
up to any stroppy middle manager or even director when your processing a
SAR, once you have asked them to disclose, the ball is in their court and
they have no get out clause if they have signed/acknowledged the E&I
policy. (remember if the punter aint pleased and seeks satisfaction from
the IC it's your ass on the line for not complying by shying out of these
searches)

Second most important thing, included in the training, hammer home with a
large mallet the importance of good record keeping, backed up with (if your
lucky) a good records manager who has drafted and put in place a retention
policy and a few choice horror stories of embarrising emails sent to
punters.

Practicality wise, first move I take, is try to narrow down the search by
contacting the subject (or applicant next year).
If he insists on email from everywhere by searching all users in a
department for example, and this is obviously massively out of your
resource capability, negotiate or refuse and cite disproportionate.  As for
FOI in Scotland..I would log my time and stop at £600, this will probably
prevent a complete search of all users or the task of recovering past files
from tape (unless court or crime of course) as the cost of this would be
immense.

establish a useful contact in each branch who is sympathetic to your cause
(network and get pally with as many folk as poss)
always make requests through them instead of direct to the person if
posible at first.
ask for a search and for them to send you all the emails with the subjects
name ANYWHERE in the text (subject matter for foi)

then spend ages agonising over what is pd under durrant, who is a third
party (staff or not staff).  call in the lawyers..who then sit on the fence
after taking lots of tax payers money then cite to you clauses from the DP
act and tell you to make your own mind up...then spend ages....

cynically yours Si.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^