School ICT Policies Thread, Been asked to provide logs/possibly investigate member of staff in School Administration; A key thing that I have stuck to is that if I am to do stuff like this, I require ...
12th March 2009, 04:42 PM #16
A key thing that I have stuck to is that if I am to do stuff like this, I require a third party to be watching whilst I do it. ie. if the head wants me to get logs, then someone on SMT should be watching whilst I am doing it, so as to show I'm not doing anything bad myself.
Thanks to localzuk from:
Oops_my_bad (12th March 2009)
IDG Tech News
2nd April 2009, 04:43 PM #17
Tread very carefully
As an RBC we keep logs of all internet traffic that goes through our wires, but you have to be very careful when giving logs to people upon request. Unless you have an AUP in place signed by the user that they acknowledge that their internet use will monitored and logged, you could be in breach of one of three acts, the Human Rights Act, the Data protection Act and RIPA. Under guidelines issued by BECTA, if your SMT was asking me to give them the logs in these circumstances without a signed AUP in place, I would have to refuse.
2 Thanks to ayoward:
Oops_my_bad (2nd April 2009), _Jo_ (8th April 2009)
2nd April 2009, 05:16 PM #18
I agree with ayoward on this.
According to the Data Protection Act any data related to an individual can only be used for the purpose for which it was originally collected and the individual must have consented to its collection in the first place. You would normally have them sign an AUP to that effect before they got access to the system. Since you don't have prior consent from your users, I don't think you can legally disclose the log data.
Most importantly -> "Unauthorized disclosure of personal data attracts personal criminal liability", so be careful.
2nd April 2009, 05:28 PM #19
I agree with some points raised here but disagree on others.
It really depends what the basis for the request is.
If it is simply becuase the Head suspects he's got loads of music in his home directory, or was logging on to the HT's pc, or for some other kind of flimsy reason, then I would either not give the information, or just give the raw basics that I felt comfortable with.
If however, the HT is asking as it is a potential Child Protection issue or other legal issue which is being internally / externally investigated then I would say one thing - co-operate.
This individual might one day be able to turn round and attempt to use data protection laws against you, but there is not a court in the land that would uphold such a case when the actions were supporting the investigation of a higher offence.
Last edited by mb2k01; 2nd April 2009 at 05:34 PM.
3rd April 2009, 09:27 AM #20
That may be, but there isn't a decent lawyer in this country who wouldn't make sure the evidence was inadmissable if the Data Protection Act had been breached/hadn't been followed, so the case wouldn't even get to court if that was all you had.
Thanks to ayoward from:
mwalpole (8th April 2009)
3rd April 2009, 05:38 PM #21
I'm not sure that I accept the inadmissable evidence scenario....
...but then I work in IT, and am only an observer/semi-geek of Law!
3rd April 2009, 09:08 PM #22
I have been involved in a situation that was difficult.
The person involved was caught by students and they reported to us. We knew the person involved very well too. The students ended up telling a member of SLT before we could which sort of saved the agro.
What you may want to do as has been mentioned is to keep a log of what you did when and what you presented. It could be in 6 months time you are asked about this and need to refresh your memory.
8th April 2009, 01:51 PM #23
What you have to remember is a court of law upholds the law. It is not interested in what is just or fair or even the right result. It is there to enforce the law as is written, or use precedent to determine the appropriate legal result.
If you breach the Data Protection act, you are in breech of the law of the land. Your reasons for doing it may be taken into account at the sentencing stage, but are unlikely to offer you much protection from having the case brought against you in the first place.
If in doubt, don't take the risk.
8th April 2009, 02:10 PM #24
You'll find that the law is written with protections in many cases. Various defence clauses to be taken into account. This is done before the sentencing stage. It should be taken into account when the case is passed to the CPS, and then if it still ends up in court, it should be presented as an argument to the court by your legal representative.
Originally Posted by mwalpole
Also, a court upholds the law, but in some circumstances it can get back to Hansard, and look at what the law was *intended* to do - not just how it is written - but this requires for some aspect of ambiguity to exist, and lower courts will not often allow it.
Also, remember that the courts are required to balance the laws of the UK with the provisions of the Human Rights Act. And if the latter overrides the prior, they can (although it is very rare, if it has been done at all yet), declare the law to be incorrect. It is also a case of balance. Do the rights on one side outweigh the rights on the other (hence the measuring balances on Lady Justice).
So, it can be there to uphold what is just, right and fair. It is just very rare...
If in doubt, refer it to your managers. If they try to get you to do something you feel uncomfortable with speak to your union legal bods. They will be useful for this sort of thing.
8th April 2009, 02:21 PM #25
Legal defences, to my knowledge, do not include "because I thought it was the right thing to do". You are much better to seek advice.
As localzuk rightly says, just be wary of doing anything without clearing it with your manager and legally qualified people with experience in data protection laws. Get any and all advice given to yout in writing as it can often be difficult to prove anything said orally.
The Human Rights Act is one of the laws you are actually trying to breach by disclosing the data.
As a general rule, regarding anything data related, seek legal advice first. You could ask your manager but without going to someone who knows the law on this area, you are potentially risking a legal case against you.
I might have a law degree, but I would be reluctant to make any decisions on what to do, as it is quite possible the law has changed since I studied it!
I would advise against following any advice given on internet forums regarding the law, unless the person giving the advice is a practicing solicitor or barrister. You are always best to seek legal advice.
Last edited by mwalpole; 8th April 2009 at 02:36 PM.
8th April 2009, 04:31 PM #26
Worth remembering that if it ends up in court, what really matters is who's sitting in the jury box - juries have a tendency to do their own thing if they think either prosecution or defence are being stupid! (and, given the fact that jury discussions remain private, I couldn't possibly say whether this relates to any trial at which I have been a juror!)
By FN-GM in forum Wiki Announcements
Last Post: 14th June 2008, 08:09 PM
By Dos_Box in forum Recommended Suppliers
Last Post: 5th January 2007, 07:12 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)