[log in to unmask] on 24 June 2005 at 09:51 said:- Without wishing to sour the milk I believe there are some particularly interesting privacy issues here so... > In deciding whether to reveal the identity of a member of > staff, you should > consider the following: > > 1) If the e-mails are for work purposes, or the e-mail system > should only be > used for work purposes, the staff member should not be > classed as a third > party and the identity should be revealed unless there is a > danger of physical > harm to the person; This would mean that e-mail could not be considered private in the sense of individual privacy in the workplace. As any personal information entering the work environment could be open to inspection by the simple expedience of creating a rumour sufficient to generate a SAR. A pity some managers actually manage through such mechanisms. Oh well, dependent upon how SAR material is secured, and who sees the collated material, so much for the levels of protection for sensitive data in the workplace. If open access to the SAR response material is restricted to staff collating it, it would become doubly unfortunate if workplace computer/work monitoring created private circumstances allowing some to view such collated material without others knowledge. > 2) If the e-mails were of a private nature (eg personal > opinion as opposed to > comments about their work), and such use of the system is > allowed, there may > be a case for withholding the name and any part of the e-mail > that would > identify them but only where it is reasonable in the > circumstances to do so; Would this mean consideration of the DPA exceptions when looking at personal e-mails, which could, provided ALL of the possible exceptions were impersonally considered partly ameliorate the point made above.? How would the s.36 domestic purposes exemption in respect of personal life fit in here? Who would determine personal life matters? Albeit s.36 would not provide an exemption from s.7, would it only be possible to apply it to work processing if personal e-mails were allowed at work or would it be applicable anyway? > 3) A right to privacy in the workplace does exist but it does > not extend to > using the organisation's equipment and software to denegrate > others (assuming > this is the nature of the comments and the reason the DS > wants the e-mails; > > 4) The DS may already know the identities of the staff > members, so it may be > pointless trying to withhold them. Whilst agreeing a right of privacy exists. I do not believe that right can be limited only by rules set within an organisation without reference to, consideration of, and inclusion of that right, otherwise in fact no right exists at all. If only good opinions were contained within all the e-mails in question how would that change in any way item 3) above and any SAR received? Although obvious it is worth mentioning that the discussion relates only to the DPA and hence personal information, so there would be a need to accept that instant messaging, audio recordings, video phone recordings and so on would fall into the same categories, even though the originators purpose and intent for the communication may have been only transitory, whilst retention periods, being held for different purposes, and used for others, are rather less so. Ian W > -----Original Message----- > From: This list is for those interested in Data Protection > issues [mailto:[log in to unmask]] On Behalf Of > [log in to unmask] > Sent: 24 June 2005 09:51 > To: [log in to unmask] > Subject: Re: Internal staff SAR > > > In deciding whether to reveal the identity of a member of > staff, you should > consider the following: > > 1) If the e-mails are for work purposes, or the e-mail system > should only be > used for work purposes, the staff member should not be > classed as a third > party and the identity should be revealed unless there is a > danger of physical > harm to the person; > > 2) If the e-mails were of a private nature (eg personal > opinion as opposed to > comments about their work), and such use of the system is > allowed, there may > be a case for withholding the name and any part of the e-mail > that would > identify them but only where it is reasonable in the > circumstances to do so; > > 3) A right to privacy in the workplace does exist but it does > not extend to > using the organisation's equipment and software to denegrate > others (assuming > this is the nature of the comments and the reason the DS > wants the e-mails; > > 4) The DS may already know the identities of the staff > members, so it may be > pointless trying to withhold them. > > Ian B > ----------- > > In a message dated 23/06/05 11:11:44 GMT Daylight Time, > [log in to unmask] > writes: > > > > can anyone give advice on how to deal with a scenario where > a mem of > > staff wants to see the emails of certain other staff which > have him as > > the focus of their emails? > > > > Unfortunately we do not have a monitoring or similar policy which > > states we will search email accounts after receiving a SAR > or an FOI > > request (not for want of trying) and the approach of our HR > branch is > > to simply ask the staff mentioned if they have such emails and to > > disclose if they do. > > > > This leads me to the old chestnut of, are they 3rd parties, and do > > they have to be asked for consent before there emails are > disclosed in > > full without their names redacted? This is the approach we > are taking > > but I would appreciate any guidance or clarification from > anyone who > > has been in a similar situation. > > -------- > > Ian Buckland > Managing Director > Keep IT Legal Ltd > > Please Note: The information given above does not replace or > negate the need > for proper legal advice and/or representation. It is > essential that you do not > rely upon any advice given without contacting your solicitor. > If you need > further explanation of any points raised please contact Keep > I.T. Legal Ltd at > the address below: > > 55 Curbar Curve > Inkersall, Chesterfield > Derbyshire S43 3HP > (Reg 3822335) > Tel: 01246 473999 > Fax: 01246 470742 > E-mail: [log in to unmask] > Website: www.keepitlegal.co.uk > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > All archives of messages are stored permanently and are > available to the world wide web community at large at > http://www.jiscmail.ac.uk/lists/data-protection.html > If you wish to leave this list please send the command > leave data-protection to [log in to unmask] > All user commands can be found at : - > http://www.jiscmail.ac.uk/help/commandref.htm > Any queries about sending or receiving message please send to > the list owner > [log in to unmask] > (all commands go to [log in to unmask] not the list please) > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving message please send to the list owner [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^