I have scenario which affects our organisation on a regular basis and I think I may beginning to over think things. So I wondered if anybody else has an opinion they would like to share?
An employee emails a local social club contact list from their personal email account to their corporate email account (list contains, name; address; tel no.; email address). The email has been identified on our network via automated monitoring,
on key-words. The email is likely to have been sent to the original email address (Personal email) for personal use (section 36 exemption), or for official use in connection with the club. However, my issue is about the appropriateness of this data now residing
on our network.
Our organisation has no legal basis to process this information. Would we (the organisation) be accountable under DPA now that we are aware we have this data on our network? I intend to tell the individual to remove it from any shared area
they may have filed the attachment.
Any thoughts?
Kind Regards
Mike
"The information contained in this email may be commercially sensitive and/or legally privileged. It is intended solely for the person(s) to whom it is addressed. If you are not a named recipient, you are on notice of its status. Please notify the sender immediately by reply e-mail and then delete this message from your system. You must not disclose it to any other person, copy or distribute it or use it for any purpose.
Views expressed in this email are not necessarily those of Sellafield Ltd.
Sellafield Ltd, a Nuclear Decommissioning Authority company, is registered in England and Wales, Company number 01002607. The registered office is situated at Hinton House, Birchwood Park Avenue, Risley, Warrington, Cheshire, WA3 6GR."