I'm going to go one further.
Just THIS WEEK I have received the entire contents of a council dotGov email account downloaded at the server by the service provider and sent to me in a zip file and I've read every message therein.
This would be the second time in 12 months I have initiated this process.
The first time was when the person that 'should' have known how to manage an FoI request made a complete hash of it and it was necessary to explain, in granular detail, how they 'should' be doing the job they are paid for. Disappointingly, it also took several increasingly bad tempered phone calls to the IT company to explain to them how and why such functionality was not only entirely necessary but that is was a basic IT function which I really shouldn't be having to explain to them.
On the more recent occasion (last week) my service request landed on the desk of a different company employee from the previous time and they set about trying to convince me that the only way they could do it was to change the password of the user and give me the new password. yes, more not good tempered exchanges...
OBVIOUSLY, as I have to go into detail to explain, that was NOT the correct procedure since that would (a) alert the employee that something was amiss with their email account and (b) lock them out of it thus precluding any further work - neither of which was acceptable.
The service request something like "please provide in a downloadable file format all sent and received traffic from the email account blahblahblah from 08:00 XX Apr to 17:00 XX May 23"
I will say again - it should be a standard clause in any IT / communications policy that all work email accounts are subject to examination. Any council which DOESN'T have such a policy should ask them self how do you propose to comply with an FoI request relating to user email accounts? You CAN'T - unless you rely upon the users of those accounts to search and provide any / all relevant messages and that's hardly a reliable or defensible process is it.
I am genuinely astounded that people in this forum / sector seem to make life so difficult for themselves.
The quote from the monitoring officer is perfectly clear - if there is a justifiable need and if the user has been informed.... But where it goes on to talk about passwords that seems however to illustrate a certain lack of awareness (if accurately quoted) since passwords are a user level IT security measure and email monitoring would be at system admin level which is above user security anyway.
Either the question to the MO was poorly formatted or the MO was poorly informed or MO quote is not an accurate reflection of the question and answer posed - who knows?
There needs to be a policy which all staff and Cllrs have acknowledged as a condition of use of official email accounts (and to comply with the requirements of FoI) and there needs to be a justifiable need to examine emails.
With those 2 elements in play an employer (council) can examine the emails of any employee or a Cllr.
If the OP is an aggrieved person that is having their email monitored, or a 3rd party that is uncomfortable with such monitoring of others, lodge a complaint and let it run its course. Come back and let us all know how that goes. Or, you could try the ICO chatbot - its not too bad but as with all these systems, the value of the output is directly proportionate to the accuracy of the input.
https://ico.org.uk/for-organisations/sme-web-hub/frequently-asked-questions/transparency-cookies-and-privacy-notices/#monitor
