LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	RAINdrip:A Personal Email Records Management And Privacy Problem
From:	Larry Medina <[log in to unmask]>
Reply To:	Records Management Program <[log in to unmask]>
Date:	Wed, 20 Mar 2013 10:42:26 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (51 lines)

(Anybody ELSE having problems with messages being returned on postings?? I
had a shortened link in this the first time)

Here's a pretty interesting one related to Canada's (BC) InfoSec and
Privacy provisions on use of email:

http://www.jdsupra.com/legalnews/a-personal-email-records-management-and-04288/

While the disallowing the use of private email for the public sector is
quite similar to US requirements, the concept of CONTROL is a bit difficult
to understand.  How do you control something if you don't have custody of
it?

"  The OIPBC’s general rule is that “any email that an employee sends or
receives as part of her or his employment duties will be a record under the
public body’s control, even if a personal account is use.” These records
may, therefore, be subject to access to information requests even though
the organization does not have possession of the email record."

So they may be subject to their equivalent of FOIA, but they would need to
prove they exist first, correct?

And it gets more confusing  when they apply to the private sector:

" This isn’t just a public sector problem. For example, subsection 23(1) of
the British Columbia Personal Information Protection Act (“PIPA”), which
applies to private sector organizations in British Columbia, provides that
an organization must provide an individual with the individual’s personal
information under the control of the organization."

Again, no custody,  so how can they exercise control?

They have a rather unique situation regarding "control" in their
provisions- in the same article under "Information Security Obligations" it
says that the organization is liable if they ALLOW employees to transmit
information outside of the organization, because they failed to CONTROL it.

Larry
[log in to unmask]


-- 
*Lawrence J. Medina
Danville, CA
RIM Professional since 1972*

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2

LISTSERV.IGGURU.US