Tuesday 6 December 2011

Access to emails....and a response to my RIPA request

At a meeting of the Council's Standards Committee in September, further information was requested about senior officers' access to employees emails. The legal department has come back to this month's meeting with this brief summary which I am finding a little puzzling;

(2) The authority’s email usage policy makes it clear that emails generated by, or accessed via, council owned equipment will not be considered as the private property of their creator/recipient, and that the authority may access those emails at any time without an individual’s consent or knowledge.

(3) Individual senior officers cannot directly access the emails of others in the authority, unless they have been permission to do so by that person.

(4) A senior officer can request that an individual email account be examined by the IT department, but will be expected to give good reasons why this should take place.

I can understand that, in the public interest, the ability to monitor communications, either manually or automatically, may be necessary to detect fraud, inappropriate/offensive behaviour, or during the course of a criminal investigation etc etc and to those ends, there is the aforementioned 'email usage' policy. What puzzles me is the distinction between 'the Authority' and 'senior/individual officers'. Who, or what, is the 'Authority'? Is this a collection of named individuals eg a group of senior officers/Councillors? or is it one senior officer delegated to represent the authority? or is it a shape-shifting entity who's definition depends on the intended purpose? Permission is then required for an individual officer to access the emails of another, unless I suppose they are acting on behalf of the Authority? And, in (4), 'good reasons' need to be given - so what would they be then? and on what criteria would they be based? And what of  'council owned equipment', I assume that means all staff and Members with Council computers, but does it include schools, libraries, other entities owned or contracted to the council? It's all a bit vague really...something to chew over anyway...

I have had a response to my Freedom of Information request for information on the Council's use of the Regulatory and Investigatory Powers Act and surveillance;

http://www.whatdotheyknow.com/request/regulation_of_investigatory_powe_12#incoming-233378

I haven't had time to fully assess the response yet but will do in due course. At first glance there doesn't seem to be anything untoward. The last inspection report by the Surveillance Commission in April 2010 is included (pdf), it appears this is done every two years and overall, apart from a couple of recommendations, everything seemed fine. Unfortunately, according to the report, even though the visit was pre-arranged, the Council's CCTV operations room was out of bounds and the Chief Executive was 'unavailable'. Incidentally I can't, so far, see any mention of the use of private detectives, mentioned here.

1 comment:

Andy said...

The 'Authority', or the Council is a legal entity in itself, whereas individual officers are just that, individuals.

In theory, everything an individual officer does while at work is in the name of the council and should be in line with its policies. If it isn't then disciplinary action can ensue.