In other words an e-mail disclaimer doesn't stack up as 'appropriate'
security against an unauthorised disclosure. You also need to take
additional measures (proportionate to the confidentiality of the content) to
reduce, if not eliminate, the likelihood of e-mails going astray.
Paul Ticher
0116 273 8191
www.paulticher.com
22 Stoughton Drive North, Leicester LE5 5UB
For continuous priority support on Data Protection, sign up to my support
service:
www.paulticher.com/data-protection-services
----- Original Message -----
From: "Mike Burgess" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Friday, June 08, 2012 3:30 PM
Subject: Re: Email Disclaimers
Thanks for your replies, I am getting the idea. There might be some
merit, having it can do no real harm but don't rely on it for when you
email out your data to joe.bloggs other than a possible deterrent
J
Mike Burgess
MIS Manager (ext 237)
Room C27
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Baines, Jonathan
Sent: 08 June 2012 14:54
To: [log in to unmask]
Subject: Re: [data-protection] Email Disclaimers
If you send an email to joe.bloggs@hotmail instead of @xyz.gov.uk you
might be negligent, but you didn't intend to do it, and therefore as a
matter of fact surely Joe Bloggs is not the intended recipient? I would
also argue Joe Bloggs is potentially highly restricted under common law
of confidence from disclosing it to anyone.
In the very first ICO CMP case Hertfordshire Council apparently sought a
High Court injunction to prevent disclosure by the unintended recipient
of the data. I imagine that would be on the basis that the information
was confidential:
"Due to the confidential and sensitive nature of the data the data
controller also obtained a High Court injunction (still in force)
prohibiting the member of the public from disclosing any information
about the sexual abuse case so as not to prejudice the High Court
hearing and ordering him to destroy the data"
Similarly in Independent Police Complaints Commission v Warner & Ors
[2012] EWHC 271 (QB) the High Court granted an injunction to prevent an
unintended recipient of personal data disclosing it further, and
requiring him to reveal to whom he had disclosed it. The Court said
"The IPCC submits that there is a good arguable case that there has been
a breach of the duties of confidentiality owed both to itself and to the
other person, that further breaches are threatened, and that damages
would not be an adequate remedy. The evidence amply establishes this to
be so."
As for disclaimers - I see no harm in having a brief statement, for the
reasons Simon gives - that they can act as a deterrent/warning,
regardless of any inherent legal force.
Jonathan Baines
Legal and Democratic Services
Buckinghamshire County Council
01296 383681
________________________________
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Simon Howarth
Sent: Friday 08 June 2012 14:19
To: [log in to unmask]
Subject: Re: [data-protection] Email Disclaimers
I know I am not the only one that thinks that these are a waste of time
and having spoken to many legal and non-legal people about this, opinion
is split but it could act as a deterrent to anyone that gets an email
by mistake. A bit like private car parks handing out parking tickets
that look legal when actually they mean nothing at all, they often trap
the unwary.
Often these notices say something like "...if you are not the intended
recipient...". Unfortunately if you send an email to
[log in to unmask] instead of @xyz.gov.uk then they are surely the
intended recipient? In which case, do they have obligations or not given
that they didn't ask for the communication?
I am not sure if they would get away with sharing the confidential
information publicly, but if they have received the information would a
court accept that they are bound by the Common Law Duty of
Confidentiality or not?
In terms of not copying or forwarding the information without prior
permission; whose permission would be needed if you have sent the
information by mistake? If I did copy it and send it to others what
would you actually be able to do about it?
Now, if you had sent it to an organisation, then there may be some
recourse, but if it's to an individual then I think you would be on
dodgy ground.
From the point of view about stating opinions are not that of the
organisation and no legal/contractual arrangements can be inferred, I
suppose that's fair and may have some limited use in terms of the
message being correctly delivered but wrongly interpreted.
As you can see, I have my opinion on this, but I will be the first to
accept that it's only an opinion and maybe there is no strictly correct
answer. If it gives the legal people in an organisation a warm and fuzzy
feeling, then that might be a positive.
One thing though. Where disclaimers and legal type things are concerned
don't implement it without your legal people having had a chance to
comment, because if something does go wrong, they are the ones that will
have to fight your corner in court for you!
Simon Howarth MBCS CITP
www.informationedge.co.uk
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Mike Burgess
Sent: 08 June 2012 13:49
To: [log in to unmask]
Subject: [data-protection] Email Disclaimers
Hi all,
This may not be the right forum but here goes..
Email disclaimers - do we need one as it seems that even if you add one
if you sent something inappropriate then any disclaimer would not be
able to let you off what you should not have done in the first place. I
understand the signature and maybe a link to our data protection policy
but I am thinking of this sort of thing you see plastered about
"Privileged/Confidential Information may be contained in this message.
If you are not the addressee indicated in this message (or the person
responsible for delivery of the message to such person), you may not
copy or deliver this message to anyone without prior permission.
Opinions, conclusions and other information expressed in this message
are the sender's personal views and do not necessarily represent the
views of the originating organisation; neither are they intended to
create any contractual or legal obligations binding unless confirmed by
letter."
etc, etc...
Mike Burgess
MIS Manager (ext 237)
Room C27
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
