Catherine
As far as I am aware, almost all 32 Scottish LAs have gone down the line of only allowing access from Council-owned, encrypted devices. I would also point out the ICO has levied "fines" on authorities who had personal information on unencrypted devices which were lost / stolen.
Even if you permit access to webmail you are still open to the issue of the security of personal data on individuals' home PCs, etc. That's not a PSN issue, merely DPA compliance!!!
Donald Henderson
Information Compliance Manager
Perth & Kinross Council
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Catherine Hanley
Sent: 27 May 2015 13:04
To: [log in to unmask]
Subject: [data-protection] Secure use of webmail
I'm looking for a bit of advice if anyone can help?
What restrictions does your authority have around the use of webmail, if any? Do you use it? Is it managed by Policy?
I don't manage technical security so I don't have all of the details but ICT services assure me the connection to webmail via personal devices is secure and complies with PSN requirements. My concern though, is that staff accessing webmail from a personal device can download email attachments to that device and if that device is not encrypted, the data is at risk of loss, theft etc.
I'm of the opinion that to manage this risk we either need staff to work from home using an encrypted laptop that provides full secure access to emails OR they can have webmail access with the ability to download removed, meaning they will be unable to view attachments.
Having all of the officers that need email access at home, request a fully encrypted laptop and VPN access home has obvious cost implications, especially when all they really need is the emails but we're getting a lot of feedback from officers who state they need to be able to access emails from home to function and carry out services. There also seems to be the suggestion that no other authority has such restrictions, so I thought I'd ask what others do.
Has anyone else come across this and/or managed it effectively?
Kind regards
Catherine
. . . . . . . . . . .
Catherine Hanley
Acting Information Governance Manager
Town Hall
Middlesbrough
PO Box 503
TS1 9FX
01642 729686
**********************************************************************************************
Any opinions or statements expressed in this e-mail are those of the individual and not necessarily those of
Middlesbrough Council. Internet communications are not secure and therefore Middlesbrough Council does
not accept legal responsibility for the contents of this message as it has been transmitted over a public
network. If you suspect the message may have been intercepted or amended, please call the sender.
This e-mail and any files transmitted with it are confidential, may be legally privileged, and are solely for the
use of the intended recipient. If you receive this in error, please do not disclose any information to anyone
and notify the sender at the above address. Any disclosure, copying, distribution or any action taken or
omitted, in reliance on the contents, is prohibited and may be unlawful.
Middlesbrough Council's computer systems and communications may be monitored to ensure effective
operation of the system and for other lawful purposes.
Save energy, money and the environment - is it really necessary to print this message?
** This email has been scanned for viruses, vandals and malicious content. **
**********************************************************************************************
________________________________
All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html
Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):
* Leaving this list: send leave data-protection to [log in to unmask]<mailto:[log in to unmask]&BODY=LEAVE%20data-protection>
* Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask]<mailto:[log in to unmask]&BODY=SET%20*%20NOMAIL>
* To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask]<mailto:[log in to unmask]&BODY=SET%20data-protection%20NOHTML>
* To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask]<mailto:[log in to unmask]&BODY=SET%20data-protection%20HTML>
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]<mailto:[log in to unmask]>
Any queries about sending or receiving messages please send to the list owner [log in to unmask]<mailto:[log in to unmask]>
(Please send all commands to [log in to unmask]<mailto:[log in to unmask]> not the list or the moderators, and all requests for technical help to [log in to unmask]<mailto:[log in to unmask]>, the general office helpline)
________________________________
Securing the future... - Improving services - Enhancing quality of
life - Making best use of public resources.
The information in this email is solely for the intended recipients.
If you are not an intended recipient, you must not disclose, copy,
or distribute its contents or use them in any way: please advise
the sender immediately and delete this email.
Perth & Kinross Council, Live Active Leisure Limited and
TACTRAN do not warrant that this email or any attachments are
virus-free and does not accept any liability for any loss or damage
resulting from any virus infection. Perth & Kinross Council may
monitor or examine any emails received by its email system.
The information contained in this email may not be the views of
Perth & Kinross Council, Live Active Leisure Limited or TACTRAN.
It is possible for email to be falsified and the sender cannot be
held responsible for the integrity of the information contained in it.
Requests to Perth & Kinross Council under the Freedom of
Information (Scotland) Act should be directed to the Freedom of
Information Team - email: [log in to unmask]
General enquiries to Perth & Kinross Council should be made to
[log in to unmask] or 01738 475000.
General enquiries to Live Active Leisure Limited should be made
to
[log in to unmask] or 01738 454600.
General enquiries to TACTRAN should be made to
[log in to unmask] or 01738 475775.
Securing the future... - Improving services - Enhancing quality of
life - Making best use of public resources.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
