Daniel Bertolone
Exchange Transport Rule

I have been asked by a 3rd party software supplier to set up a transport rule on a 2007 Exchange Server that BCCs or copies all incoming & outgoing mail for all staff mailboxes to a specific mailbox with a retention policy of 10 days.

Firstly, is this possible, and any tips on how I can set this up?

Many Thanks
Alex

I'm pretty confident that what you're wanting to do is in fact illegal and breaches the Data Protection Act.
ASKER

Hi Alex

Thanks for coming back to me. The client does not allow the use of company email for personal use, and this is in the staff T&Cs. Do you still think this causes a data protection issue?
That's irrelevant, the Data Protection Act is there to cover not only personal but work-based email as well. In order for a company to search the mailboxes of an employee, it requires sign-off from HR and director approval.

As far as the law goes, this is a massive no no.
Wait, what country are you in?
Technically that can be done, but the question is: are you setting up Journaling/Archiving? If yes, then the application is mostly hosted on the org network and within the company datacenter.

You should get approval from your company Compliance team for more clarity on data protection.
https://www.citizensadvice.org.uk/work/rights-at-work/basic-rights-and-contracts/monitoring-at-work/



Monitoring electronic communications at work

Your employer can legally monitor your use of the phone, internet, e-mail or fax in the workplace if:

- the monitoring relates to the business
- the equipment being monitored is provided partly or wholly for work
- your employer has made all reasonable efforts to inform you that your communications will be monitored.

You should bear in mind that these circumstances cover almost every situation where your employer might want to monitor your electronic communications, except where the monitoring is for purely private or spiteful reasons.

As long as your employer sticks to these rules, they don't need to get your consent before they monitor your electronic communications, but only if it is for one of the following reasons:

- to establish facts which are relevant to the business, to check that procedures are being followed, or to check standards, for example, listening in to phone-calls to assess the quality of your work
- to prevent or detect crime
- to check for unauthorised use of telecommunications systems, such as whether you are using the internet or email for personal use
- to make sure electronic systems are operating effectively, for example, to prevent computer viruses entering the system
- to check whether a communication you have received, such as an email or phone-call is relevant to the business. In this case, your employer can open up your emails or listen to voice-mails but is not allowed to record your calls
- to check calls to confidential help lines. In this case, your employer can listen in, but is not allowed to record these calls
- in the interests of national security.


This needs to be done with automated software, not having someone sitting down reading through it all for a nose when they are bored.
Another one here

http://www.yourprivacy.co.uk/emailprivacyatwork.html

A company got sued and they lost because of this type of setup.
Thanks for that. I spoke with the software supplier and they have advised they have multiple customers using this kind of setup as it's an essential feature of their software.

I have asked the directors for clarification. Any other suggestions on how I should handle this?
As long as you get it in writing and they are paying you for a job, it's their responsibility, but as long as you make them perfectly aware that this could cause them legal issues, your job is done and crack on with the change.

If you are using this for mail monitoring using a bespoke piece of software, then cool. But you'd need to lock down the mailbox so no one can randomly jump in there.
Thanks Alex, yes, it's 3rd party software that requires the feature for archiving purposes.

Any tips on how to configure this in Exchange?
ASKER CERTIFIED SOLUTION
Alan
This solution is only available to members.
Hi Alan

Thanks for the detailed reply, really appreciated! Does the rule you created also take care of the 10 day retention/auto delete, or would this require additional configuration?

Also, if I wanted to configure the rules manually, would this be done via organisation config / hub transport?
Hi,

The retention requirement would need to be put in place on the mailbox or account - that would depend on where it was located of course.

Yes - you can create the rules from there.  It's pretty simple, so I'd suggest you give it a go, but by all means post back if you get stuck.

Alan.
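
The advice earlier in the thread to lock down the copy mailbox "so no one can randomly jump in there" can be checked from the Exchange Management Shell. The script below is an added example, not part of any post in this thread; the mailbox name `MailCopy` and the account `EXAMPLE\svc-archive` are placeholders for the real copy mailbox and the archiving software's service account.

```powershell
# Added example: report every account that can open or send as the copy mailbox.
# Run in the Exchange Management Shell on the Exchange 2007 server.

# Placeholder values (assumptions, not taken from the thread).
$CopyMailbox = "MailCopy"                 # mailbox that receives the copied mail
$Allowed     = @("NT AUTHORITY\SELF",     # the mailbox's own account
                 "EXAMPLE\svc-archive")   # archiving software's service account

$mbx = Get-Mailbox -Identity $CopyMailbox

# Mailbox-level rights (FullAccess, ReadPermission, ...), allow entries only.
# Inherited entries are kept because they grant access just as explicit ones do.
$mbxRights = Get-MailboxPermission -Identity $mbx.Identity |
    Where-Object { -not $_.Deny } |
    Select-Object @{n="Trustee";   e={ $_.User.ToString() }},
                  @{n="Rights";    e={ "$($_.AccessRights)" }},
                  @{n="Inherited"; e={ $_.IsInherited }},
                  @{n="Source";    e={ "Mailbox" }}

# Active Directory extended rights on the mailbox object (Send-As, Receive-As).
$adRights = Get-ADPermission -Identity $mbx.DistinguishedName |
    Where-Object { -not $_.Deny -and $_.ExtendedRights } |
    Select-Object @{n="Trustee";   e={ $_.User.ToString() }},
                  @{n="Rights";    e={ "$($_.ExtendedRights)" }},
                  @{n="Inherited"; e={ $_.IsInherited }},
                  @{n="Source";    e={ "ActiveDirectory" }}

# Anything not on the allow-list needs a documented reason or should be removed.
$unexpected = @($mbxRights) + @($adRights) |
    Where-Object { $Allowed -notcontains $_.Trustee }

if ($unexpected) {
    $unexpected | Sort-Object Inherited, Trustee | Format-Table -AutoSize
} else {
    Write-Host "Only allow-listed accounts have rights on $CopyMailbox."
}
```

Inherited entries usually come from the mailbox database or organisation level, so removing them means changing permissions there rather than on the mailbox itself.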