We tend to use the "Data Subject" definition in a SAR to mean that they add something biographically to the person. Emails simply sent and received do not do this, and staff cannot just request everything they have done using a business tool. This would be an excessive release of data and, more importantly, illegal if it included the data of third parties, and wasn't redacted.
Kind regards,
Andrew.
New Data Protection Legislation is coming on 25 May 2018! For more information click here.
Andrew Harvey AMIRMS
Head of Information Governance
GDPR Data Protection Officer
Chair, Sussex-Wide Information Governance Group
Western Sussex Hospitals NHS Foundation Trust
Worthing Hospital, Lyndhurst Road, Worthing, BN11 2DH
Tel 01903 205111 x84508
Mob 07900 736922
Email [log in to unmask]
NHSmail [log in to unmask]
If unavailable [log in to unmask]
Is your Information Governance Mandatory Training up to date? If not, click here.
www.westernsussexhospitals.nhs.uk
The information contained in this e-mail may be subject to public disclosure under the NHS Code of Openness or the Freedom of Information Act 2000.
Any processing, redistribution, disclosure, or reproduction of this message, except as intended is prohibited. Unless the information is legally exempt from disclosure, the confidentiality of this e-mail and your reply cannot be guaranteed.
If you received this e-mail in error, please notify the sender and remove all copies of the message, including any attachments. Any views or opinions expressed in this e-mail (unless otherwise stated) may not represent those of Western Sussex Hospitals NHS Foundation Trust.
E-mails are not considered a secure medium for sending personal, sensitive or confidential information outside the Trust network unless encrypted and may therefore be at risk.
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Angela Dunlop
Sent: 26 January 2018 09:15
To: [log in to unmask]
Subject: [data-protection] SAR - Access to emails
Dear All,
We have received a SAR from an ex-member of staff who has recently left the University and is seeking all emails from his inbox and sent items between a particular date range. These amount to a significant number of emails. Has anyone ever dealt with a similar request? If so, how did you approach it to determine what is the personal data of the individual? Although all of the emails are either to or from him they may contain personal data of third parties e.g. CV, completed application form etc.
Any advice would be appreciated.
Thanks
Angela
Email: [log in to unmask]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|