info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
OT: Data Protection UK
3 views
Skip to first unread message
Cathy
Feb 19, 2014, 6:01:00 PM2/19/14
to
As a consultant I have been asked by a company to remove the default "My
Documents" from users computers as the company seem to suggest they have
encountereed problems where staff store work documents in their "my
document" and when they are away on leave nobody else seem to be able to
access these work documents. The idea is to set the default file save
location to the appropriate location. Whilst I have not looked into the
possibilities of how this can be accomplished I have a slight concern here.
In the old days, most employees were given a desk, with a set of drawers and
more than likely a set of keys for the set of drawers so that they could
secure that box of mars bars from prying eyes. In places where hot desking
was introduced, I have seen employers provide lockers for staff to securely
store their personal items.
Whilst I am only joking when I suggest a mars bar (it could be other
personal effects or documentation), I do think such secure has become the
norm and people expect an employee to provide secure storage of personal
effects if needed whilst I appreciate that perhaps not all employees might
need this.
In the same sense, I believe it has become a norm for companies to provide
employees with a personal drive, where my documents are normally stored and
employees have come to trust that these documents are securely stored and
that nobody else will have access to their personal documents they store in
this location. I do appreciate that IT staff probably do have access to this
information but they themselves are signed up to a code of conduct to not
pry into personal information, whether in persons "My Documents" or email
inbox unless an official investigation is underway and even in those
circumstances a clear definition of what is to be looked for should be
defined and only data containing the information in question can be looked
at, not data that is irrelivant to the investigation.
What I am curious about is what is the employees rights to storing personal
documents and can the employer take away that function of having access to
secure personal storage.
Some examples come to mind
1. Staff member has a quarrel with his boss, he notifies HR, or his Union
Rep, who advises him to keep a log of all incidents. The employee stores
this information in his "My Documents" folder and expects that his document
will be secure and can only be accessed if for whatever reason he is being
investigated.
2. Staff member has just received an email from somebody advising he has
contracted an embarrasing illness. He needs to take time off work for this
but decides he prefers to keep the details of the illness private. He does
however need to keep a record of this in case he is ever pulled up on this
for taking time off work work.
3. Employee wants to put together a formal document to impress his boss, but
knows that he has poor grammer and spelling. He therefore prefers to store
stuff in this "My Documents" area whilst he is working on the document
before saving it to the teams Shared folder for everybody in the team to
look at and potentially laugh at him.
4. A manager or employee is asked to investigate another member of staff,
storing stuff in "My documents" should be the obvious choice to keep stuff
secure as storing stuff in a teams shared folder and then securing that,
might not only make people suspicious when they cannot access the folder,
but might undermine your investigation
I am sure there are other and better examples that could justify why
employees should be entitled to secure storage at work.
If anybody has any more information on this I would appreciate all views or
references to sites that clarify what the legal points are in the UK.
Everybody has a right to privacy at work when they go to the toilet, I
expect that similarly they have a right to keep their personal data secure.
If a company has concerns that it is under no obligation to provide storage
of large amounts of personal data where members of staff store their holiday
pics etc, then the solution is simple, restrict the amount of data to a
small amount instead.
C
Documents" from users computers as the company seem to suggest they have
encountereed problems where staff store work documents in their "my
document" and when they are away on leave nobody else seem to be able to
access these work documents. The idea is to set the default file save
location to the appropriate location. Whilst I have not looked into the
possibilities of how this can be accomplished I have a slight concern here.
In the old days, most employees were given a desk, with a set of drawers and
more than likely a set of keys for the set of drawers so that they could
secure that box of mars bars from prying eyes. In places where hot desking
was introduced, I have seen employers provide lockers for staff to securely
store their personal items.
Whilst I am only joking when I suggest a mars bar (it could be other
personal effects or documentation), I do think such secure has become the
norm and people expect an employee to provide secure storage of personal
effects if needed whilst I appreciate that perhaps not all employees might
need this.
In the same sense, I believe it has become a norm for companies to provide
employees with a personal drive, where my documents are normally stored and
employees have come to trust that these documents are securely stored and
that nobody else will have access to their personal documents they store in
this location. I do appreciate that IT staff probably do have access to this
information but they themselves are signed up to a code of conduct to not
pry into personal information, whether in persons "My Documents" or email
inbox unless an official investigation is underway and even in those
circumstances a clear definition of what is to be looked for should be
defined and only data containing the information in question can be looked
at, not data that is irrelivant to the investigation.
What I am curious about is what is the employees rights to storing personal
documents and can the employer take away that function of having access to
secure personal storage.
Some examples come to mind
1. Staff member has a quarrel with his boss, he notifies HR, or his Union
Rep, who advises him to keep a log of all incidents. The employee stores
this information in his "My Documents" folder and expects that his document
will be secure and can only be accessed if for whatever reason he is being
investigated.
2. Staff member has just received an email from somebody advising he has
contracted an embarrasing illness. He needs to take time off work for this
but decides he prefers to keep the details of the illness private. He does
however need to keep a record of this in case he is ever pulled up on this
for taking time off work work.
3. Employee wants to put together a formal document to impress his boss, but
knows that he has poor grammer and spelling. He therefore prefers to store
stuff in this "My Documents" area whilst he is working on the document
before saving it to the teams Shared folder for everybody in the team to
look at and potentially laugh at him.
4. A manager or employee is asked to investigate another member of staff,
storing stuff in "My documents" should be the obvious choice to keep stuff
secure as storing stuff in a teams shared folder and then securing that,
might not only make people suspicious when they cannot access the folder,
but might undermine your investigation
I am sure there are other and better examples that could justify why
employees should be entitled to secure storage at work.
If anybody has any more information on this I would appreciate all views or
references to sites that clarify what the legal points are in the UK.
Everybody has a right to privacy at work when they go to the toilet, I
expect that similarly they have a right to keep their personal data secure.
If a company has concerns that it is under no obligation to provide storage
of large amounts of personal data where members of staff store their holiday
pics etc, then the solution is simple, restrict the amount of data to a
small amount instead.
C
0 new messages