Announcement

Collapse
No announcement yet.

Exchange Legal query

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Exchange Legal query

    Hello, I've a legal question for you. I've just started a new job, and just getting to grips with the systems. One thing concerned me though. The IT manager has set it up so that every email sent out through our exchange server is copied to the administrator account for easy retreival. this is then archived off every so often.

    My question is would this be in breach of the data protection act? I know it says that access is allowed by a discrete manager but I was in the understanding that you still need valid reasons for accessing peoples emails. (quarantined emails aside)

    could someone answer this for me or point me in the right direction? I'm unsure if this is the right forum to post this in but i've used this forum before and alot of the users are helpful and knowledgeable.

    PS I'm in the UK

    thanks

    Dave

  • #2
    Re: Exchange Legal query

    The Data Protection Act covers access to and protection of PERSONAL data. I don't think that emails sent using a corporate email system are covered under that definition. However, I would like to recommend a site to you that is non-commercial (it's run on the basis of voluntary donations) which has a LOT of experience with the DPA.

    It's going to take a bit of finding your way around the forums, but if you post your enquiry there (in non-techy speak) I'm sure you'll get a whole HOST of legal opinion in reply.

    I'm pretty sure there must also be other Law around this issue though; the Misuse of Computers Act may have something going on.

    The forum I mentioned is http://www.consumeractiongroup.co.uk/forum


    Tom
    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you

    Comment


    • #3
      Re: Exchange Legal query

      You should consult lawyers if you want a good answer. None of us here have passed the bar exam (that I know of).

      Legal discussion makes me want to vomit. Too much of a bulley system if you ask me.
      VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
      boche.net - VMware Virtualization Evangelist
      My advice has no warranties. Follow at your own risk.

      Comment


      • #4
        Re: Exchange Legal query

        No one on this site is qualified to answer the question you have posed.
        There are so many issues that need to be taken in to account - the computer policy that employees have signed, the business type, how the emails are being stored, the content of the emails. You need to be speaking to at least HR and preferably the company lawyers.

        I don't think it is DPA, but could be on the privacy stuff, or even some of the health regulations. If you have anything to do with the USA, then you are probably covered by their legislation as well.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment


        • #5
          Re: Exchange Legal query

          Correction - noone that we know of on this site is qualified to give legal advice. However, anyone on the planet is qualified to answer the question - it just has to be made clear to the question poser that taking the answer as read carries a risk and he should make his own decision or take legal advice if it's still unclear.


          Tom
          For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

          Anything you say will be misquoted and used against you

          Comment


          • #6
            Re: Exchange Legal query

            Would echo everything that people are saying about qualification, and so what I say next is only based on my present and previous jobs working in the Legal Industry in IT.

            I would generally expect there to be an IT Policy that is defined for your employees. Within this, I'd expect there to be described, your companies position on private email. In general, most firms allow it and view it alongside any policy on the use of the telephone.

            Usually, there'll be something there about monitoring both Internet use and email.

            The view is usually that email is part of the company's data, and as such, it is allowed to back it up, or to archive it, as your IT Manager seems to be doing. It is an unusual way to do it but IMO, if your IT Manager is acting on behalf of the company, then this would be an unusual but allowable method.

            The Data Protection Act, IMO, is only breachable if personal information about staff is stored via email (the DPA covers documents and email), and if this archiving method is not secured in a reasonable way.

            You generally need a valid reason to access someone else's personal data, otherwise any such ad-hoc viewing of personal email could be viewed as perhaps harassment, or be covered in some other disciplinable area.

            With the backdrop that it is the company's data, the company does not have to inform you that it will (or has) accessed your mailbox, if it has reason to suspect that your use of their systems might breach their policies (e.g if it is suspected that someone is sending porn).

            About the only issue there could be is in the way that the archive is set up. To look for any particular breach by any one person, it is necessary to browse all mail that is sent. But then, this is only one step removed from the ability of most of us here to recover a mailstore, looking to recover a mailobx, but having the ability to browse every mailstore. I'm sure that we are all professional and would not do this and we are employed on this basis. I think you'd have to trust that your manager is on this basis too.

            And use Hotmail for your private stuff. Then anything in your mailbox truly belongs to the company

            Comment


            • #7
              Re: Exchange Legal query

              I'd just like to say thanks for all the replies and the time you've taken to point me in the right directions

              Regards
              Dave

              Comment

              Working...
              X