In other words an e-mail disclaimer doesn't stack up as 'appropriate' security against an unauthorised disclosure. You also need to take additional measures (proportionate to the confidentiality of the content) to reduce, if not eliminate, the likelihood of e-mails going astray. Paul Ticher 0116 273 8191 www.paulticher.com 22 Stoughton Drive North, Leicester LE5 5UB For continuous priority support on Data Protection, sign up to my support service: www.paulticher.com/data-protection-services ----- Original Message ----- From: "Mike Burgess" <[log in to unmask]> To: <[log in to unmask]> Sent: Friday, June 08, 2012 3:30 PM Subject: Re: Email Disclaimers Thanks for your replies, I am getting the idea. There might be some merit, having it can do no real harm but don't rely on it for when you email out your data to joe.bloggs other than a possible deterrent J Mike Burgess MIS Manager (ext 237) Room C27 From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Baines, Jonathan Sent: 08 June 2012 14:54 To: [log in to unmask] Subject: Re: [data-protection] Email Disclaimers If you send an email to joe.bloggs@hotmail instead of @xyz.gov.uk you might be negligent, but you didn't intend to do it, and therefore as a matter of fact surely Joe Bloggs is not the intended recipient? I would also argue Joe Bloggs is potentially highly restricted under common law of confidence from disclosing it to anyone. In the very first ICO CMP case Hertfordshire Council apparently sought a High Court injunction to prevent disclosure by the unintended recipient of the data. I imagine that would be on the basis that the information was confidential: "Due to the confidential and sensitive nature of the data the data controller also obtained a High Court injunction (still in force) prohibiting the member of the public from disclosing any information about the sexual abuse case so as not to prejudice the High Court hearing and ordering him to destroy the data" Similarly in Independent Police Complaints Commission v Warner & Ors [2012] EWHC 271 (QB) the High Court granted an injunction to prevent an unintended recipient of personal data disclosing it further, and requiring him to reveal to whom he had disclosed it. The Court said "The IPCC submits that there is a good arguable case that there has been a breach of the duties of confidentiality owed both to itself and to the other person, that further breaches are threatened, and that damages would not be an adequate remedy. The evidence amply establishes this to be so." As for disclaimers - I see no harm in having a brief statement, for the reasons Simon gives - that they can act as a deterrent/warning, regardless of any inherent legal force. Jonathan Baines Legal and Democratic Services Buckinghamshire County Council 01296 383681 ________________________________ From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Simon Howarth Sent: Friday 08 June 2012 14:19 To: [log in to unmask] Subject: Re: [data-protection] Email Disclaimers I know I am not the only one that thinks that these are a waste of time and having spoken to many legal and non-legal people about this, opinion is split but it could act as a deterrent to anyone that gets an email by mistake. A bit like private car parks handing out parking tickets that look legal when actually they mean nothing at all, they often trap the unwary. Often these notices say something like "...if you are not the intended recipient...". Unfortunately if you send an email to [log in to unmask] instead of @xyz.gov.uk then they are surely the intended recipient? In which case, do they have obligations or not given that they didn't ask for the communication? I am not sure if they would get away with sharing the confidential information publicly, but if they have received the information would a court accept that they are bound by the Common Law Duty of Confidentiality or not? In terms of not copying or forwarding the information without prior permission; whose permission would be needed if you have sent the information by mistake? If I did copy it and send it to others what would you actually be able to do about it? Now, if you had sent it to an organisation, then there may be some recourse, but if it's to an individual then I think you would be on dodgy ground. From the point of view about stating opinions are not that of the organisation and no legal/contractual arrangements can be inferred, I suppose that's fair and may have some limited use in terms of the message being correctly delivered but wrongly interpreted. As you can see, I have my opinion on this, but I will be the first to accept that it's only an opinion and maybe there is no strictly correct answer. If it gives the legal people in an organisation a warm and fuzzy feeling, then that might be a positive. One thing though. Where disclaimers and legal type things are concerned don't implement it without your legal people having had a chance to comment, because if something does go wrong, they are the ones that will have to fight your corner in court for you! Simon Howarth MBCS CITP www.informationedge.co.uk From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Mike Burgess Sent: 08 June 2012 13:49 To: [log in to unmask] Subject: [data-protection] Email Disclaimers Hi all, This may not be the right forum but here goes.. Email disclaimers - do we need one as it seems that even if you add one if you sent something inappropriate then any disclaimer would not be able to let you off what you should not have done in the first place. I understand the signature and maybe a link to our data protection policy but I am thinking of this sort of thing you see plastered about "Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or the person responsible for delivery of the message to such person), you may not copy or deliver this message to anyone without prior permission. Opinions, conclusions and other information expressed in this message are the sender's personal views and do not necessarily represent the views of the originating organisation; neither are they intended to create any contractual or legal obligations binding unless confirmed by letter." etc, etc... Mike Burgess MIS Manager (ext 237) Room C27 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving messages please send to the list owner [log in to unmask] Full help Desk - please email [log in to unmask] describing your needs To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving messages please send to the list owner [log in to unmask] Full help Desk - please email [log in to unmask] describing your needs To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^