Are UK Exchange Admins feeling the impact of this? Do the group have comments?

This is taken from some marketing material forwarded to me; I've removed advertising blurb from the end of the mail.

Fiona

-----Original Message-----
Sent: 12 December 2001 17:39
Subject: UK Data Protection law changes affect Exchange Administrators

Included in here:
* the law changes and how they affect YOU
* the eight principles of the Data Protection law
* how the Exchange Admin can help your company comply
* three actions you should take to help uphold the law

--------------

How the new Data Protection Act affects the Exchange Administrator

Are you aware that the Data Protection Act changed on 24 October 2001, and that some of the clauses of its enforcement affect YOU? If you don't like reading e-mail about implications on the law, read just this one; it may save your company a lot of time and money.

Changes in the law mean that even previously exempt companies now have to comply. Much of the law revolves around employees being able to request access to information held about themselves and it being held securely. And this includes data held in e-mails and public folders!

So here is a good question for you. How would your Data Protection Officer search for personnel type information in your Exchange environment (mailboxes and/or folders)?

Here are the 8 basic principles for Data Protection; work out which can be affected by the Exchange Administrator. Personal data must be ...

1 fairly and lawfully processed
2 processed for limited purposes
3 adequate, relevant and not excessive
4 accurate
5 not kept longer than necessary
6 processed in accordance with the data subject's rights
7 secure
8 not transferred to countries without adequate protection

Obviously these are under the jurisdiction of the Data Protection Officer (DPO) or Information Officer (IO). But in terms of data held as e-mail YOU as the Exchange Admin have high levels of control on points 5, 7 and 8.

What do you need to do?

1 - discuss the length of time that your DPO/IO wants such information held (point 5) and show him/her how you can manage that in Exchange.

2 - ensure that only the correct people have access to the e-mails/folders, and that no inadvertent rights have been granted (point 7).

3 - ensure none of this information has been exported/replicated to other servers (point 8). If it has, check where these servers are located; if in the European Union, you are probably OK. If they are outside the EU (US or elsewhere) then talk to your DPO/IO; you need advice and they need to be aware.

Remember Data Protection is not just about information coming and going from your system, but primarily about the information already stored there.

*** If it's there, you must be able to find it and ensure it is secure. ***

Principles of Data Protection can be found at http://www.dataprotection.gov.uk/principl.htm