ICO: Uni workers' personal webmail may be pried open University workers must release information from personal webmail accounts on request if it is related to public business, the Information Commissioner's Office (ICO) has said. Material in personal email accounts such as Gmail or Hotmail accounts must be disclosed under freedom of information (FOI) laws if it is related to the …
I work in technical support at a University, and it's quite tricky getting the academic staff to accept that the convenience of Gmail, Hotmail et al, comes with a bit of a price - and even harder to get them to understand that personal is not the same as private (keyword scanning etc...).
Also, at a meeting on data security and encryption, we were told, in no uncertain terms, that by law, we (as in University staff in general) could not store any personal information related to our work on any computer systems that were not "secure, and within the bounds of the European Union" - which would rule out most academic staff using a global e-mail provider.
Could get interesting, sooner, rather than later.
This post has been deleted by its author
Aye, if you have a corporate Google agreement, you get different services. The same as using MS 365, sorry 4, 3...
This article is about using /personal/ accounts - and there's no way that I know of that a person with a personal account can order google store your stuff, securely, unscanned, and in the EU.....
And exactly how are the University going to know what is in my personal none work email account to disclose it. They are not, and neither am I ever going to give them access to the contents of my personal and private account for them to find out if it contains information that should be released.
The right to privacy of the Human Rights Act would be a useful shield against this sort of total nonsense. The ICO needs to take some legal advice and consider the practicalities of his ruling if you ask me
...short of some sort of legal process.
But I'm sure they could mark your card for your annual review ("lacking collegiate attitude" ?)
The advice from the ICO - who I'm sure know more lawyers than you could shake a stick at - is for Universities to introduce the policies and guidance so they can head off the situation of having to find out who will win in a no-holds-barred smackdown between the FOI and HR acts.
Just don't ever reply to anyone in the Academic institution with your personal account, simples. Cos if the rozzers find an email from you to someone else that you haven't disclosed, or if the mail relay logs or network logs (which must be surrendered on subpoena) indicates that all your mail goes to foobar@gmail.com they may get a tad peeved.
Failure to disclose information in response to an FOI request is an offence though, so just denying knowledge when you know you have something is not a bright move. One court order to your private mail provider later and they'll have proof not only of what you were hiding but also of the fact you lied about it.
Better to have those kind of discussions in private conversations with no written record.
A lot of stuff is both (a) subject to FOI (i.e. the public has a right to access it on request) and (b) stuff you need to circulate internally as well - so kill two birds with one stone: instead of emailing it around, breaking your server with a thousand copies of an attachment, then having to make it available to outsiders anyway, just put it in one place. FoI requests for it probably won't happen in the first place, and if they do you can just reply "it's at www.example.ac.uk/meetings/senate/2011/09/1/ so get it yourself". Simples.
It's not as if the stuff's sensitive, for the most part: instead of looking for excuses to hide everything they can, why not publish everything they can and focus on protecting the little bit that really needs to be locked away?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
