Dear All,
I think this may have come up in the past, but I cannot find the reference in the archives.
Here is the scenario.
Organisation has an intranet for franchises. Roughly 3000 employees at franchise have access to it. As part of a project involving all participants, a list of contact names of relatively junior employees who are responsible for answering questions for the project is published on the intranet.
Several months pass.
An issue arises and an employee prints out the contact names and takes them home. They post them to a Facebook account and refer employees to these potential contacts (name telephone number and service) to resolve the issue for the Facebook group who include people who will have had access to the same intranet.
Is that personal use of the intranet information a data breach?
I do not see it as a data breach. However, there is the issue of whether the information is being processed unfairly as the employee has taken some information off the intranet and published it on the web.
First question, is information published on an intranet "published" and therefore the expectation of privacy or such processing is lowered or limited. In the way that someone who places their name and contact details at the bottom of an email, which is included in every email, has a lower expectation of privacy.
Second, is taking the information from the intranet a data breach? The information is now "published" and is available to the franchises but not the wider public. Is there an expectation that this will not be brought home for personal use?
Third, is publishing the contact details of the junior officers a breach of the DPA? The processing would, potentially, be covered by s.36 exemption. However, they are an employee, in an non work environment, chatting with other employees about a work related issue. Is it a personal use/household purpose or is it a work purpose?
What are your views? Have you had this experience previously?
Any advice or assistance would be welcomed.
Thanks
Lawrence
________________________________
Help protect our environment by only printing this email if absolutely necessary. The information it contains and any files transmitted with it are confidential and are only intended for the person or organisation to whom it is addressed. It may be unlawful for you to use, share or copy the information, if you are not authorised to do so. If you receive this email by mistake, please inform the person who sent it at the above address and then delete the email from your system. Durham County Council takes reasonable precautions to ensure that its emails are virus free. However, we do not accept responsibility for any losses incurred as a result of viruses we might transmit and recommend that you should use your own virus checking procedures.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
