JISCMail - DATA-PROTECTION Archives

In message <[log in to unmask]>, at 07:48:29 on Thu, 7 
Jun 2007, Nigel Roberts <[log in to unmask]> writes
>> The ISP staff are quite likely to use that same "personal" email 
>>address  when logged in at home - which is a little more complicated 
>>to arrange  (and would the employer in your story be prepared to 
>>facilitate that).  The alternative is employees having three email 
>>addresses (home, work  and work personal).
>
>Again, as something like an ISP, this is something which we are happy 
>to support. It's pretty easy, anyway, after all it's merely a POP3 
>email box, and you set all clients except one to leave mail on server.

That won't work because the client that *isn't* "leaving on server" will 
rob the emails from the other clients whenever it's active. There are 
solutions, but we are getting too off-topic for this list.

>IMAP is equally usable.

But most IMAP clients are unusable :(

>>  Maybe it would be simpler to suggest the employees get a webmail 
>>account  for the private email (and whatever address they like), and 
>>allow them  to access that from work quite separately from their work 
>>email - at  which point the employer's email systems don't  have to be 
>>involved at all.
>
>We prohibit this for security reasons. Webmail systems are inherently 
>insecure as you can't (self-evident) turn off HTML email formatting. 
>HTML email allows web bugs, malware and all sorts of DP as well as 
>security issues, particularly for Windows usersn (we are moving, 
>slowly, away from Windows)!

If the employer (with or without a vigorous risk audit) allows html 
emails at all, then I would have thought most famous-name webmail would 
also have better built in spam and virus filtering than the employer is 
likely to be able to afford. Otherwise, yes, abide by the policy.

What are the Data Protection issues (given that it's only the employee's 
private correspondence that's involved here)?
-- 
Roland Perry

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^