What is the current uk law concerning the the privacy of externally
sent private emails  to private persons working at a uk bank

Dear suzi2005-ga 

The legislation relating to emails in the workplace is covered by a
number of statutes and codes and is still in its early stages as
regards to case law. There are suggestions that appeals may be made by
the Trade Unions under the Human Rights Act.

The Regulation of Investigatory Powers Act 2000 (RIPA)
Telecommunications (Lawful Business Practice) (Interception of
Communications) Regulations 2000 (LBP Regulations.)
Article 8 of the Human Rights Act 1998
Data Protection Act 1998
The Employment Practices Data Protection Code - Monitoring at work: an
employer's guide

RIPA and the LBP Regulations specify the circumstances in which
interception of communications can take place lawfully (see below). An
interception of communications that does not come within the
exceptions in the LBP Regulations or in RIPA itself is against the
law. Personal e-mails are still private but an employer has the right
to read down the message. They must stop reading immediately they
realise the message is private. If personal data is collected it must
be dealt with lawfully under the Data Protection Act.

The Human Rights Act and RIPA indicate that prior warning must be
given to an employee that their communications will be intercepted,
otherwise they may be in breach of these two acts.
Most employers are being urged to create a policy document fully
setting out how they will deal with communications by their staff and
each employer signs it consenting to monitoring.

The LBP Regulations state that communications may be monitored without
consent :
"a. To establish the existence of facts relevant to the business.
Example - recording the terms of a contract entered into by way of
electronic mail or telephone conversation.
b.  To ascertain compliance with regulatory or self-regulatory
practices or procedures relevant to the business. Example - monitoring
in order to ensure that the employer's business is complying with
external or internal regulatory rules (financial services /insurance
industry).
c.  To demonstrate standards which should be achieved by employees.
Example - this may include monitoring for quality control or staff
training purposes.
d.  To prevent or detect crime. Example - monitoring for fraud. 
e.  To investigate the unauthorised use of telecommunication systems.
Example - ensuring that employees do not breach company rules on the
use of email or telephone calls (e.g. international/personal telephone
calls without employer's consent).
f.  To ensure the effective operation of the system. Example - to
check for viruses.
g. Determining whether or not communications are relevant to the
business. Example - opening email accounts in order to access business
communications when a particular member of staff is absent due to
illness.
h.  Monitoring communications to a confidential anonymous counseling
or support help line. Example - monitoring calls to confidential help
lines in order to protect or support help line staff."

This extract was from a guide to the legislation written by a
solicitor and I recommend you read it
http://www.clickforcare.co.uk/members/m_news/coreissues/1201gss001.htm
Another advice sheet is on this link
http://www.freshfields.com/practice/finserve/publications/23624.pdf

The Employment Practices Data Protection Code - Monitoring at work: an
employer's guide, latest version is dated 27th August 2002 by The Data
Protection Act Commissioner. It is still in consultation stage but you
may find pages 38 - 40 useful as they contain a discussion and a flow
chart.
http://www.dataprotection.gov.uk/dpr/dpdoc.nsf/ed1e7ff5aa6def30802566360045bf4d/bd40bb11f58713a580256bf00055673a/$FILE/3+monitoring.pdf

The Telecommunications (Lawful Business Practice) (Interception of
Communications) Regulations 2000
http://www.legislation.hmso.gov.uk/si/si2000/20002699.htm

Regulation of Investigatory Powers Act 2000
http://www.legislation.hmso.gov.uk/acts/acts2000/20000023.htm

Human Rights Act 1998
http://www.hmso.gov.uk/acts/acts1998/19980042.htm


I hope this answers your question. If it does not, or the answer is
unclear, then please ask for clarification of this research before
rating the answer. I shall respond to the clarification request as
soon as I receive it.
Thank you
answerfinder

Search strategy
monitoring emails employees guide
://www.google.com/search?q=monitoring+emails+employees+guide&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=0&sa=N

"Lawful Business Practice" emails
://www.google.com/search?q=%22Lawful+Business+Practice%22+emails&hl=en&lr=&ie=UTF-8&oe=UTF-8

---

Request for Answer Clarification by suzi2005-ga on 02 Apr 2003 02:11 PST

Are the external private emails held on the server or deleted?

---

Clarification of Answer by answerfinder-ga on 02 Apr 2003 02:49 PST

Dear suzi2005-ga 
Your clarification question is beyond your original question but I
will try and answer it for you.
I would say it depends on your company’s policy and operating systems.
I presume you have a password to access and delete your personal
emails. However, the company may have back-up procedures for all files
held on their system. A enquiry with your IT department may provide
you with the information. You could ask for all back-up copies of the
emails to be deleted, but they may insist on viewing them to check
they are not company emails before doing so.
I can find no reference to storage of emails on servers in the
legislation. One of the Data Protection Act Principles states that
personal data should not be kept for longer than is necessary but this
would only apply where your company’s Data Controller has extracted
data from your email. Speak to your company’s Data Controller to
ascertain their policy.
Otherwise, I do not think I can assist any further. I cannot find any
relevant web sources on this specific clarification request. May I
also add that Google Answers cannot provide specific legal advice. If
you require legal advice I suggest you speak to your union
representative, if there is one at your company, or a solicitor or the
Citizen’s Advice Bureau.
answerfinder-ga

As a technical matter, never assume email is private.
No matter what laws are in place, anyone that can intercept network
traffic can read your email!
An email is not a letter, it is a postcard, and the "mailman" can read
it.
If you truly need privacy, either use encryption, or do not use email