trickery.net  

Go Back   trickery.net > Other > Education & Careers

Reply
 
Thread Tools
Old 07-Sep-2017, 14:59   #1
BFH
Fixer of dead hard drives
BFH's Avatar
Join Date: Oct 2003
Location: The Final Frontier
Posts: 3,829
BFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond repute
Legal bods - thoughts please

In the process of reviewing our mobile phone policy at the office and have a question.

I know that most providers (yahoo,gmail etc) record the times and locations that mailboxes are accessed from. So if a member of staff against company policy adds their personal email address to their company mobile and leaves / gives the phone back - until it's wiped / reset it will keep contacting that service and downloading their mailbox etc. You would assume of course that anyone in this situation would clear/reset the phone before handing it back anyway but i'm trying to get a handle on any issues that might come about if they didn't.

I assume I'm right that under the DPA (and probably one or two other laws) we can't open that mailbox up as it's personal data. However, what if the member of staff (for whatever reason) has been communicating business related stuff under that mailbox - we would need to review it in order to ascertain this. And after all, this is a company mobile so the only thing that should be on it is work related data.

So, the question is - if this is done by a member of staff (which as far as we are aware isn't the case), where do we stand legally in terms of accessing what is on the phone. Granted you would assume that texts / photos - data in general should be of a company nature but if we also see that a say Yahoo account has been added to the phone, are we legally allowed to open that to verify that it's work related?

Hopefully we'll never be in this situation so it's all a fact finding exercise really.
__________________
Elite Dangerous Current ship: Imperial Clipper,Cmdr Naughtius Maximus,Moto: fuck it
The BFH: http://www.andystoolkit.co.uk/thebfh.php
BFH is offline  
Reply With Quote
Old 07-Sep-2017, 15:08   #2
Inertiaman
Join Date: Oct 2003
Posts: 39,934
Inertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond repute
Use MDM and stop them being able to add those accounts.
__________________
Quote:
Originally Posted by Karmic
what you say doesn't count for shit because you rely on quotes from websites that are obviously biased
Inertiaman is offline  
Reply With Quote
Old 07-Sep-2017, 15:09   #3
BFH
Fixer of dead hard drives
BFH's Avatar
Join Date: Oct 2003
Location: The Final Frontier
Posts: 3,829
BFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond repute
Quote:
Originally Posted by Inertiaman View Post
Use MDM and stop them being able to add those accounts.
yes yes i know that - but i've been asked to review the policy so....
__________________
Elite Dangerous Current ship: Imperial Clipper,Cmdr Naughtius Maximus,Moto: fuck it
The BFH: http://www.andystoolkit.co.uk/thebfh.php
BFH is offline  
Reply With Quote
Old 07-Sep-2017, 15:21   #4
Ferg
Default Title Here
Join Date: Oct 2003
Posts: 2,059
Ferg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond repute
The policy should state that the phone is a work phone and they must have no expectation of privacy.

The policy should also require (enforced via MDM or AD) strong authentication, like a 6 digit code to unlock, so you wouldn't be able to get into it anyway.
Ferg is offline  
Reply With Quote
Old 07-Sep-2017, 15:39   #5
Inertiaman
Join Date: Oct 2003
Posts: 39,934
Inertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond repute
Quote:
Originally Posted by Ferg View Post
they must have no expectation of privacy.
That doesn't fly. Any ex staffer can request erasure of personal or retained professional information under DPA guidance unless that information is demonstrably part of an ongoing legal dispute. If you don't comply that individual could then complain to the ICO.
__________________
Quote:
Originally Posted by Karmic
what you say doesn't count for shit because you rely on quotes from websites that are obviously biased
Inertiaman is offline  
Reply With Quote
Old 07-Sep-2017, 15:49   #6
Ferg
Default Title Here
Join Date: Oct 2003
Posts: 2,059
Ferg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond repute
I don't see those two things as mutually exclusive.

Reviewing peoples personal mail seems excessive anyway. I'd have a policy that wipes all phones when they come back in, and if you're that worried about your data I'd use MDM to compartmentalise it and/or prevent it being forwarded.
Ferg is offline  
Reply With Quote
Old 07-Sep-2017, 15:52   #7
Inertiaman
Join Date: Oct 2003
Posts: 39,934
Inertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond reputeInertiaman has a reputation beyond repute
They're exclusive in the example of retention cited in the OP but entirely with you on policy and practice otherwise.
__________________
Quote:
Originally Posted by Karmic
what you say doesn't count for shit because you rely on quotes from websites that are obviously biased
Inertiaman is offline  
Reply With Quote
Old 07-Sep-2017, 15:53   #8
Ferg
Default Title Here
Join Date: Oct 2003
Posts: 2,059
Ferg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond reputeFerg has a reputation beyond repute
I'm a firm believer in prevention rather than detection and sanctioning.

If you don't want people to do something, don't let them. If you let them, don't complain when they do it.
Ferg is offline  
Reply With Quote
Old 07-Sep-2017, 16:00   #9
Scrobbs
Sunnyvale Supervisor
Scrobbs's Avatar
Join Date: Oct 2003
Location: In the pipe, five by five.
Posts: 16,585
Scrobbs has a reputation beyond reputeScrobbs has a reputation beyond reputeScrobbs has a reputation beyond reputeScrobbs has a reputation beyond reputeScrobbs has a reputation beyond reputeScrobbs has a reputation beyond reputeScrobbs has a reputation beyond reputeScrobbs has a reputation beyond reputeScrobbs has a reputation beyond reputeScrobbs has a reputation beyond reputeScrobbs has a reputation beyond repute
The work phone/personal data will come up against GDPR. We're still undecided, as it could be quite a complex issue and may only be resolved with actual case law. I think we make it more complex for ourselves, as if you use your personal phone for work (and get a small stipend for it) we do require it to be remote wiped etc.
__________________
http://bit.ly/debatethebill
Scrobbs is offline  
Reply With Quote
Old 07-Sep-2017, 16:16   #10
BFH
Fixer of dead hard drives
BFH's Avatar
Join Date: Oct 2003
Location: The Final Frontier
Posts: 3,829
BFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond reputeBFH has a reputation beyond repute
Cheers for the feedback.

I think we are pretty much done in terms of what we will do proceduraly.

As it happens I've just finished having a chat with the ICO and they say the mailbox should just be removed without being opened/reviewed. Yes, by putting it on there the staff member is in breach of policy. If something bad happens due to them carrying out work through it and the company faces a shit storm because of the mailbox being wiped and we weren't aware of something - so be it.

So as long as MDM covers stuff there shouldn't be a problem anyway.

Which i suspected was the case anyway but it's nice to get it confirmed.
__________________
Elite Dangerous Current ship: Imperial Clipper,Cmdr Naughtius Maximus,Moto: fuck it
The BFH: http://www.andystoolkit.co.uk/thebfh.php
BFH is offline  
Reply With Quote
Reply

Go Back   trickery.net > Other > Education & Careers

Tags
dick pics left on phone

Similar Threads
Thread Thread Starter Forum Replies Last Post
Legal bods... BFH Discussion 10 16-Aug-2012 21:39
Legal advice.... jimbobaggies Discussion 42 26-May-2009 11:06
Legal Bright Skins Brain_Murders Unreal Tournament Series 11 05-May-2004 22:58
Rockstar Under More Legal Pressure NWA News 6 23-Dec-2003 23:12
Thoughts Of Mind Murasame Poetry & Creative Writing 3 15-Dec-2003 19:30

Users Viewing Thread: 1 (0 members and 1 guests)
 

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 08:00.


Powered by vBulletin® Version 3.7.0 Release Candidate 3
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Copyright 2003 - 2013, trickery.net