I don't think it is reasonable to expect any given individual to necessarily have the ability or expertise to examine every email they receive for potential threats to the organisation or to themselves. That is why organisations run spam filters and have policies which block the receipt of certain types of attachments.

There are a number of expectations involved which you should take into account and have to be balanced. As you have indicated, you expect the email to go to the individual. On the other hand, you might also expect that someone else will deal with the email in that person's (prolonged) absence. You would also expect an organisation to take reasonable precautions to protect the security of its employees, the organisation, and the information it holds.

Donald

From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Tim Trent
Sent: 06 March 2009 11:34
To: [log in to unmask]
Subject: Re: [data-protection] Checking emails for images etc

It may be that Cardiff is a good exception to the common practice and has the courtesy to tell folk that it happens. The notice that informs me is a good thing.

The point I'm arguing and am happy to be proven wrong on is that I do not have a normal expectation of this type of processing, thus feel it is in some way peculiar.

Donald Henderson wrote:

[log in to unmask] type="cite">
Tim,

Whilst I acknowledge the theoretical point that you are arguing, I cannot fathom how you would expect anyone who might email an organisation to be fully informed about the organisation's policy before they send the email. The Council publishes the policy on their website, which is probably the most you can hope for.

I think you will find that their practice simply reflects what is done by most organisations.

Donald Henderson

Information Compliance Manager

Perth & Kinross Council

From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Tim Trent
Sent: 06 March 2009 10:49
To: [log in to unmask]
Subject: [data-protection] Checking emails for images etc
I just emailed a list member in Cardiff and received the following automatic reply:

BEGINS
YOUR E-MAIL HAS BEEN DELIVERED TO THE INTENDED RECIPIENT.

Your e-mail has been delivered to the intended recipient. For your information, 
an image attachment was detected (such as .jpg, .bmp or .gif), which may be part 
of a Powerpoint (PPT) file or E-mail background.

A copy of your E-mail has been held in accordance with Cardiff Council's ICT 
security policy, and Audit will routinely check these images to assess their 
appropriateness.

Any technical queries, please contact the ICT Helpdesk on 029 2087 3333.

Any queries regarding this policy, please contact the Authority's Audit Manager 
on 029 2087 2275.
ENDS

Now I have a Friday question for the list:

The email that I sent was personal data.  I have no agreement with Cardiff Council 
that they may intercept and scan the contents of my emails, nor to have the images 
"routinely checked".  I am thus unsure of the lawfulness of this policy and wonder if
this might be a breach of my rights as the sender of the email, especially as
there is no prior warning.

What do you all think?
  
--

Tim Trent - Consultant
Tel: +44 (0)7710 126618
web: ComplianceAndPrivacy.com - where busy executives go to find the news first
personal blog: timtrent.blogspot.com/ - news, views, and opinions
personal website: Tim's Personal Website - more than anyone needs to know

Important: This message is private and confidential. If you have received this message in error, please notify us and remove it from your system. This email and any attachment(s) are believed to be virus-free, but it is the responsibility of the recipient to make all the necessary virus checks. This email and any attachments to it are copyright of Meadowood Associates, owners of Compliance And Privacy, unless otherwise stated. Their copying, transmission, reproduction in whole or in part may only be undertaken with the express permission, in writing, of Meadowood Associates, at Meadowood House, 30 Redditch, Bracknell, Berkshire, RG12 0TT.

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

Leaving this list: send leave data-protection to [log in to unmask]
Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask]
To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask]
To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask]

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)

Securing the future... - Improving services - Enhancing quality
of life - Making best use of public resources.

The information in this email is solely for the intended
recipients.

If you are not an intended recipient, you must not disclose,
copy, or distribute its contents or use them in any way: please
advise the sender immediately and delete this email.

Perth & Kinross Council does not warrant that this email or any
attachments are virus-free and does not accept any liability for
any loss or damage resulting from any virus infection. Perth &
Kinross Council may monitor or examine any emails received by its
email system.

The information contained in this email may not be the views of
Perth & Kinross Council. It is possible for email to be falsified
and the sender cannot be held responsible for the integrity of
the information contained in it.

Requests to Perth & Kinross Council under the Freedom of
Information (Scotland) Act should be directed to the Freedom of
Information Team - email: [log in to unmask]

General enquiries should be made to [log in to unmask] or 01738
475000.

Securing the future... - Improving services - Enhancing quality
of life - Making best use of public resources.

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

Leaving this list: send leave data-protection to [log in to unmask]
Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask]
To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask]
To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask]

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)

Tim Trent - Consultant
Tel: +44 (0)7710 126618
web: ComplianceAndPrivacy.com - where busy executives go to find the news first
personal blog: timtrent.blogspot.com/ - news, views, and opinions
personal website: Tim's Personal Website - more than anyone needs to know

Important: This message is private and confidential. If you have received this message in error, please notify us and remove it from your system. This email and any attachment(s) are believed to be virus-free, but it is the responsibility of the recipient to make all the necessary virus checks. This email and any attachments to it are copyright of Meadowood Associates, owners of Compliance And Privacy, unless otherwise stated. Their copying, transmission, reproduction in whole or in part may only be undertaken with the express permission, in writing, of Meadowood Associates, at Meadowood House, 30 Redditch, Bracknell, Berkshire, RG12 0TT.

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

Leaving this list: send leave data-protection to [log in to unmask]
Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask]
To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask]
To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask]

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)

Securing the future... - Improving services - Enhancing quality
of life - Making best use of public resources.

The information in this email is solely for the intended
recipients.

If you are not an intended recipient, you must not disclose,
copy, or distribute its contents or use them in any way: please
advise the sender immediately and delete this email.

Perth & Kinross Council does not warrant that this email or any
attachments are virus-free and does not accept any liability for
any loss or damage resulting from any virus infection. Perth &
Kinross Council may monitor or examine any emails received by its
email system.

The information contained in this email may not be the views of
Perth & Kinross Council. It is possible for email to be falsified
and the sender cannot be held responsible for the integrity of
the information contained in it.

Requests to Perth & Kinross Council under the Freedom of
Information (Scotland) Act should be directed to the Freedom of
Information Team - email: [log in to unmask]

General enquiries should be made to [log in to unmask] or 01738
475000.

Securing the future... - Improving services - Enhancing quality
of life - Making best use of public resources.

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

Leaving this list: send leave data-protection to [log in to unmask]
Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask]
To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask]
To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask]

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)