Lewis, Chris G. on 23 June 2005 at 14:40 said:-

> >Is there such a thing as requiring consent to respond
> >to a SAR?
> >
> >Ian W
>
> Yes, in that the question was not whether they needed
> consent to respond at all, but whether they need consent from
> the third party to provide (in response to the SAR) the third
> party's emails disclosed in full and without the third
> party's name being redacted. To which the answer is yes,
> unless, as the "third party" is an employee, you can imply
> that an employee has impliedly consented to such disclosures
> as part of their job and employment.

For the disclosure but not the search then?

Simon Macaulay on 23 June 2005 at 14:47 said:-

> Hi Ian,
> I would have thought a policy is necessary if you are about
> to search their accounts instead of them volunteering up the
> emails themselves. This would cover the employer against a
> breach of the Human Rights Act where employees who 'expect' a
> right to privacy will claim a breach of HRA if they were
> never aware that their emails could be searched. That's my
> reading of the need for a policy.

So a right to privacy within employment exists. Would the same type of policy enable management searches of e-mail for business purposes? What about automated searches?

> Also... surely consent is needed before disclosing the
> personal data of a third party where it is caught up in the
> area of information requested by the subject? I know there
> is no absolute directive to have consent before releasing
> data but no-one in their right minds is going to risk this
> scenario unless they want a posse of disgruntled third party
> employees serving lawsuits. Unless of course it's in
> extraordinary circumstances... or perhaps as you're inferring
> Ian, someone who is an employee and therefore it's possible
> to consider it 'reasonable' to disclose their PD without
> consent? Simon.
No argument that redaction may be necessary, but I do not believe a policy statement regarding searching e-mails is necessary for a SAR search to be conducted. Policy statements of that type seem to fulfil fairness requirements. If an employer has neglected to have brought such a policy statement into existence, they have/are being unfair to their employees as the legislative need to conduct a search may still arise; but that could also be indicating management may not themselves search the e-mails.

Ian W

> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of
> Simon Macaulay
> Sent: 23 June 2005 14:47
> To: [log in to unmask]
> Subject: Re: Internal staff SAR
>
>
> Hi Ian,
> I would have thought a policy is necessary if you are about
> to search their accounts instead of them volunteering up the
> emails themselves. This would cover the employer against a
> breach of the Human Rights Act where employees who 'expect' a
> right to privacy will claim a breach of HRA if they were
> never aware that their emails could be searched. That's my
> reading of the need for a policy.
>
> Also... surely consent is needed before disclosing the
> personal data of a third party where it is caught up in the
> area of information requested by the subject? I know there
> is no absolute directive to have consent before releasing
> data but no-one in their right minds is going to risk this
> scenario unless they want a posse of disgruntled third party
> employees serving lawsuits. Unless of course it's in
> extraordinary circumstances... or perhaps as you're inferring
> Ian, someone who is an employee and therefore it's possible
> to consider it 'reasonable' to disclose their PD without
> consent? Simon.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to
the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^