+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 26 of 26
School ICT Policies Thread, Been asked to provide logs/possibly investigate member of staff in School Administration; A key thing that I have stuck to is that if I am to do stuff like this, I require ...
  1. #16

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,529
    Thank Post
    527
    Thanked 2,648 Times in 2,049 Posts
    Blog Entries
    24
    Rep Power
    925
    A key thing that I have stuck to is that if I am to do stuff like this, I require a third party to be watching whilst I do it. ie. if the head wants me to get logs, then someone on SMT should be watching whilst I am doing it, so as to show I'm not doing anything bad myself.

  2. Thanks to localzuk from:

    Oops_my_bad (12th March 2009)

  3. #17
    ayoward's Avatar
    Join Date
    Apr 2009
    Location
    North Yorkshire
    Posts
    78
    Thank Post
    28
    Thanked 36 Times in 17 Posts
    Rep Power
    18

    Exclamation Tread very carefully

    As an RBC we keep logs of all internet traffic that goes through our wires, but you have to be very careful when giving logs to people upon request. Unless you have an AUP in place signed by the user that they acknowledge that their internet use will monitored and logged, you could be in breach of one of three acts, the Human Rights Act, the Data protection Act and RIPA. Under guidelines issued by BECTA, if your SMT was asking me to give them the logs in these circumstances without a signed AUP in place, I would have to refuse.

    Regards,

    Andrew

  4. 2 Thanks to ayoward:

    Oops_my_bad (2nd April 2009), _Jo_ (8th April 2009)

  5. #18

    Join Date
    Oct 2007
    Location
    Lincolnshire
    Posts
    133
    Thank Post
    0
    Thanked 22 Times in 22 Posts
    Rep Power
    18
    I agree with ayoward on this.

    According to the Data Protection Act any data related to an individual can only be used for the purpose for which it was originally collected and the individual must have consented to its collection in the first place. You would normally have them sign an AUP to that effect before they got access to the system. Since you don't have prior consent from your users, I don't think you can legally disclose the log data.

    Most importantly -> "Unauthorized disclosure of personal data attracts personal criminal liability", so be careful.

  6. #19
    mb2k01's Avatar
    Join Date
    Jan 2007
    Posts
    1,151
    Thank Post
    191
    Thanked 235 Times in 199 Posts
    Rep Power
    94
    I agree with some points raised here but disagree on others.
    It really depends what the basis for the request is.

    If it is simply becuase the Head suspects he's got loads of music in his home directory, or was logging on to the HT's pc, or for some other kind of flimsy reason, then I would either not give the information, or just give the raw basics that I felt comfortable with.

    If however, the HT is asking as it is a potential Child Protection issue or other legal issue which is being internally / externally investigated then I would say one thing - co-operate.
    This individual might one day be able to turn round and attempt to use data protection laws against you, but there is not a court in the land that would uphold such a case when the actions were supporting the investigation of a higher offence.
    Last edited by mb2k01; 2nd April 2009 at 05:34 PM.

  7. #20
    ayoward's Avatar
    Join Date
    Apr 2009
    Location
    North Yorkshire
    Posts
    78
    Thank Post
    28
    Thanked 36 Times in 17 Posts
    Rep Power
    18
    That may be, but there isn't a decent lawyer in this country who wouldn't make sure the evidence was inadmissable if the Data Protection Act had been breached/hadn't been followed, so the case wouldn't even get to court if that was all you had.

  8. Thanks to ayoward from:

    mwalpole (8th April 2009)

  9. #21
    mb2k01's Avatar
    Join Date
    Jan 2007
    Posts
    1,151
    Thank Post
    191
    Thanked 235 Times in 199 Posts
    Rep Power
    94
    I'm not sure that I accept the inadmissable evidence scenario....
    ...but then I work in IT, and am only an observer/semi-geek of Law!

  10. #22
    rad
    rad is offline
    rad's Avatar
    Join Date
    Jan 2009
    Location
    Middlesex
    Posts
    2,570
    Thank Post
    349
    Thanked 328 Times in 248 Posts
    Rep Power
    113
    I have been involved in a situation that was difficult.

    The person involved was caught by students and they reported to us. We knew the person involved very well too. The students ended up telling a member of SLT before we could which sort of saved the agro.

    What you may want to do as has been mentioned is to keep a log of what you did when and what you presented. It could be in 6 months time you are asked about this and need to refresh your memory.

  11. #23
    mwalpole's Avatar
    Join Date
    Apr 2009
    Location
    Scunthorpe
    Posts
    109
    Thank Post
    39
    Thanked 34 Times in 22 Posts
    Rep Power
    17
    What you have to remember is a court of law upholds the law. It is not interested in what is just or fair or even the right result. It is there to enforce the law as is written, or use precedent to determine the appropriate legal result.

    If you breach the Data Protection act, you are in breech of the law of the land. Your reasons for doing it may be taken into account at the sentencing stage, but are unlikely to offer you much protection from having the case brought against you in the first place.

    If in doubt, don't take the risk.

  12. #24

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,529
    Thank Post
    527
    Thanked 2,648 Times in 2,049 Posts
    Blog Entries
    24
    Rep Power
    925
    Quote Originally Posted by mwalpole View Post
    What you have to remember is a court of law upholds the law. It is not interested in what is just or fair or even the right result. It is there to enforce the law as is written, or use precedent to determine the appropriate legal result.

    If you breach the Data Protection act, you are in breech of the law of the land. Your reasons for doing it may be taken into account at the sentencing stage, but are unlikely to offer you much protection from having the case brought against you in the first place.

    If in doubt, don't take the risk.
    You'll find that the law is written with protections in many cases. Various defence clauses to be taken into account. This is done before the sentencing stage. It should be taken into account when the case is passed to the CPS, and then if it still ends up in court, it should be presented as an argument to the court by your legal representative.

    Also, a court upholds the law, but in some circumstances it can get back to Hansard, and look at what the law was *intended* to do - not just how it is written - but this requires for some aspect of ambiguity to exist, and lower courts will not often allow it.

    Also, remember that the courts are required to balance the laws of the UK with the provisions of the Human Rights Act. And if the latter overrides the prior, they can (although it is very rare, if it has been done at all yet), declare the law to be incorrect. It is also a case of balance. Do the rights on one side outweigh the rights on the other (hence the measuring balances on Lady Justice).

    So, it can be there to uphold what is just, right and fair. It is just very rare...

    If in doubt, refer it to your managers. If they try to get you to do something you feel uncomfortable with speak to your union legal bods. They will be useful for this sort of thing.

  13. #25
    mwalpole's Avatar
    Join Date
    Apr 2009
    Location
    Scunthorpe
    Posts
    109
    Thank Post
    39
    Thanked 34 Times in 22 Posts
    Rep Power
    17
    Legal defences, to my knowledge, do not include "because I thought it was the right thing to do". You are much better to seek advice.

    As localzuk rightly says, just be wary of doing anything without clearing it with your manager and legally qualified people with experience in data protection laws. Get any and all advice given to yout in writing as it can often be difficult to prove anything said orally.

    The Human Rights Act is one of the laws you are actually trying to breach by disclosing the data.

    As a general rule, regarding anything data related, seek legal advice first. You could ask your manager but without going to someone who knows the law on this area, you are potentially risking a legal case against you.

    I might have a law degree, but I would be reluctant to make any decisions on what to do, as it is quite possible the law has changed since I studied it!

    I would advise against following any advice given on internet forums regarding the law, unless the person giving the advice is a practicing solicitor or barrister. You are always best to seek legal advice.
    Last edited by mwalpole; 8th April 2009 at 02:36 PM.

  14. #26

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,159
    Thank Post
    116
    Thanked 529 Times in 452 Posts
    Blog Entries
    2
    Rep Power
    125
    Worth remembering that if it ends up in court, what really matters is who's sitting in the jury box - juries have a tendency to do their own thing if they think either prosecution or defence are being stupid! (and, given the fact that jury discussions remain private, I couldn't possibly say whether this relates to any trial at which I have been a juror!)



SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. New Wiki Staff Member
    By FN-GM in forum Wiki Announcements
    Replies: 25
    Last Post: 14th June 2008, 08:09 PM
  2. Need a home PC for a member of staff
    By Dos_Box in forum Recommended Suppliers
    Replies: 8
    Last Post: 5th January 2007, 07:12 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •