Catherine

As far as I am aware, almost all 32 Scottish LAs have gone down the line of only allowing access from Council-owned, encrypted devices. I would also point out the ICO has levied "fines" on authorities who had personal information on unencrypted devices which were lost / stolen.

Even if you permit access to webmail you are still open to the issue of the security of personal data on individuals' home PCs, etc. That's not a PSN issue, merely DPA compliance!!!

Donald Henderson
Information Compliance Manager
Perth & Kinross Council

From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Catherine Hanley
Sent: 27 May 2015 13:04
To: [log in to unmask]
Subject: [data-protection] Secure use of webmail

I'm looking for a bit of advice if anyone can help?

What restrictions does your authority have around the use of webmail, if any? Do you use it? Is it managed by Policy?

I don't manage technical security so I don't have all of the details but ICT services assure me the connection to webmail via personal devices is secure and complies with PSN requirements. My concern though, is that staff accessing webmail from a personal device can download email attachments to that device and if that device is not encrypted, the data is at risk of loss, theft etc.

I'm of the opinion that to manage this risk we either need staff to work from home using an encrypted laptop that provides full secure access to emails OR they can have webmail access with the ability to download removed, meaning they will be unable to view attachments.

Having all of the officers that need email access at home, request a fully encrypted laptop and VPN access home has obvious cost implications, especially when all they really need is the emails but we're getting a lot of feedback from officers who state they need to be able to access emails from home to function and carry out services.
There also seems to be the suggestion that no other authority has such restrictions, so I thought I'd ask what others do. Has anyone else come across this and/or managed it effectively?

Kind regards

Catherine

. . . . . . . . . . .
Catherine Hanley
Acting Information Governance Manager
Town Hall
Middlesbrough
PO Box 503
TS1 9FX
01642 729686
All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html