“‘Audit’ has a certain reputation. If we are not careful we can be regarded as one up from the VAT inspector,” says Joan Poole with a certain wry amusement, talking about her role as an auditor.

Joan and her team have invested a great deal of time and effort in breaking down the barriers between the auditor and their clients. This is especially important as, being the manager of the Audit Section at Guildford Borough Council, she is tasked with monitoring the work of her colleagues. It is her job to ensure that the council is financially and legally compliant and meets its corporate objectives.

It was Joan who first realised that the rash of new legislation implemented in the early 2000s affecting privacy at work meant that Guildford Borough Council – and probably most other local authorities – was on the wrong side of the law. “I looked at our current software, which was working okay but was totally non-transparent,” says Joan. “I could go in and look at anybody’s email. There was no trail. If I wanted to it could be abused. With privacy in the workplace it was obviously in breach.”

Fortunately for Joan one of her colleagues discovered Cryoserver in 2003. Two years on and with the introduction of Cryoserver and a new privacy at work policy, Guildford Borough Council is once again on the right side of the law, working more efficiently and protecting itself, its staff and the public it is there to serve.

In pursuit of excellence

Guildford Borough Council is one of only 28 councils (out of 273) in England that has been awarded an ‘excellent’ status by the Audit Commission during their regular comprehensive performance assessments. The council has around 1,100 users each with their own council email account. In total there around 800 PC terminals, with kiosks in service areas for staff that do not have their own PC – parking patrol officers, for example – to access the intranet and their individual email accounts.

Added to that, Guildford has witnessed a stratospheric increase in the amount of email and telephone interaction with the public, with 90% of their communication with the general public involving some form of electronic response. Over the course of the last decade of the twentieth century, the government enacted the Human Rights Act 1998, Data Protection Act 1998 (DPA), Regulation of Investigatory Powers Act 2000 (RIPA) and the Freedom of Information Act 2000 (FoIA).

These four major pieces of legislation had a wide spread impact on public sector bodies, affecting their right to covertly monitor staff, strengthening the rights of the individual to privacy and the amount of information that public sector bodies had to provide to individuals about their activities.

In the light of these changes – in particular the impact of RIPA and its limitation on public sector bodies needing to covertly monitor staff – Joan Poole discovered that Guildford’s email system and privacy policy was out of date and not compliant with current legislation. Her response was to form a privacy-at-work group involving key staff from audit, IT, personnel, information rights and the unions.

“What we found was that everybody was coming from a different direction. Their interests were not necessarily mine,” explains Joan. “The challenge was to find a system that satisfied all of our different requirements and that was proving difficult.”

Joan’s group quickly established that an email archiving product would not meet all of their needs, which is why the discovery of Cryoserver was so important. “We thought [Cryoserver] was better than the other products, which were mainly archiving with little bits added on to it,” says Joan. “Cryoserver seems to be the full package. It ticked the boxes for a lot of people.”

“It did what I wanted it to do [search],” adds Joan. “Our server people liked it because it’s in a sealed box. [Information rights] is happy about the data protection issues. The unions are pleased because it’s so transparent and so open. It fulfilled everyone’s requirements.”

In perfect union

In an inspired move, Guildford Borough Council’s main union – Unison – was involved from the beginning on the privacy working group.

“Our first concern was whether managers were using this appropriately or could they use it inappropriately to monitor staff?” says Jane Read, Unison representative. “But because we worked together with Cryoserver [and] with the managers in our own organisation we could ask these questions very early on and be reassured.”

Jane acknowledges that by involving the union at such an early stage delayed the launch of the system. On the other hand taking the time to fully consult the staff and the unions has meant that Cryoserver is now accepted and welcomed by all.

“I think the way that the whole thing was put together with Cryoserver, with Guildford Borough Council it worked exceptionally well,” says Jane.

“The way that Cryoserver dealt with us in the public sector was quite refreshing,” adds Ben Welton, Senior Business Analyst for the council and member of the ‘privacy at work’ group.

Trust and transparency

Trust is a major issue for the council. Previously, with their old email system and ambiguous privacy at work policy, this was difficult to achieve.

“Before there was this misconception that IT sat there just reading everybody’s emails all day,” explains Ben. Joan Poole backs this up. “We were really quite shocked when we first started to go into this just how vehemently the opinion was that we were there purely to look into what [staff] were doing.”

“It didn’t matter how many times we said we weren’t doing this and that we had systems in place that would flag up an exception and we’d look at it – not everybody believed it and there were always reservations amongst the staff.” Now, with Cryoserver, the issue of email snooping is no longer an issue.

“By having a bit of software that has been endorsed by the staff, by Unison, by Personnel, by IT, by Audit, by our legal area as well… that only endorses the fact that this is a corporate product that is taken seriously and that it’s not just some snooping software that IT have put in,” says Ben. “Staff will also reap the benefits of using it, being able to find their own emails as well,” he adds.

Big Brother leashed

Cryoserver is an audit system which can be likened to a black-box flight recorder for email with three vital functions. First, every single email ever generated by or sent to a Guildford Borough Council account – whether on a PC or a remote account – is recorded, forensically.

Second, Cryoserver has a ‘Google’ like search facility. It can search through millions of emails within seconds, giving privileged council officers – such as Joan Poole – the ability to retrieve key information and audit.

The third element to Cryoserver is the tamper-evident audit trail it creates. Someone with access, like Joan, cannot use Cryoserver to snoop on anyone else’s email information without creating an audit trail that is automatically sent to three ‘data guardians.’ In Guildford’s case these data guardians are directors.

“They get reports of everything,” explains Joan. “If I go in to do a search I have to put in a reason that is transparent. It’s good for the workforce and good for everybody.”

The net effect is that staff know that they cannot be covertly monitored unless the reason meets the strict criteria laid out in the new privacy at work policy and the RIPA. “It’s [Cryoserver] protecting staff and protecting us,” believes Joan. “Before RIPA and Cryoserver, we were seen as Big Brother, opening and going through their [staff] emails.”

“The point is that I could have done this [with the old system], and that is not right. With Cryoserver it can’t be done. “[Staff] have the confidence that it can’t be done. And I have the confidence that there is an audit trail and audit track so we can’t be accused of being intrusive. It’s almost proving a negative.”

Model worker

Since being installed in January 2004 Cryoserver has already proved its worth. Vincenzo Ardilio is the council’s Information Rights Officer and member of the privacy at work group who discovered Cryoserver and introduced it to Guildford. Part of Vincenzo’s role is to deal with requests for information, such as Subject Access Requests under the DPA or requests under the FoIA.

With the previous system, retrieval of emails proved to be time consuming and problematic; however with Cryoserver in place Vincenzo’s job has become much faster and simpler. “We have a few ‘regular customers’ that make requests on a regular basis,” explains Vincenzo. “One of these chaps made a complaint to the Local Government Ombudsmen, so I had to find all of his emails – we get about five emails a day from him. I used the Cryoserver facility to find all the emails; it certainly saved me a lot of time.”

Another benefit of Cryoserver has been to support the council’s drive to meet its service level agreements.

“Using Cryoserver allows us to prove that our staff are doing that or not doing that,” says Ben, for example, whether a reminder for the council tax was sent. “We can [now] prove to a member of the public that we did actually send that response about their council tax, so they should have paid it.” For Joan Poole, Cryoserver has been instrumental in speedily resolving a potentially lengthy and expensive dispute with a contractor.

“We had a situation with one of our contractors where there was a dispute over damages claimed for an over-running contract,” explains Joan. The contractor was alleging that an extension of time had been agreed in an email. “I just tracked [Cryoserver] and there was nothing there; very useful to prove a negative.”

With the negative evidence in hand, the Council went back to the contractor. Joan explains, “We were confident that since there was no trace of an email on our system [Cryoserver] we could take the view that it did not happen and were willing to stand by it.”

“We’re now into a more reasonable dialogue,” laughs Joan. “Cryoserver also gives us the ability to track internal emails that we never had before, and at a more basic level it produces more stats than we ever had before – so the management information is coming out better,” says Joan. “All round we haven’t found a down spot yet.”

The future for the public sector

So should other local authorities and public sector bodies adopt effective email monitoring systems such as Cryoserver? Union representative Jane Read believes so. “I think it is certainly in the interests of our members that we have this system in place.” That combined with the review of the privacy policy.

“We now feel that we can protect our members and that we don’t have to worry about [the system being abused] by uneducated managers,” adds Jane. “It is the kind of product that other councils should seriously consider,” states Ben. “Not just for monitoring, it’s also for storage. There are loads and loads of applications that we looked at in terms of how you look after your storage using email, but they’re not compliant. Also, Unison is happy, personnel are happy, audit is happy. Everybody is happy. There was no other product that did that.”

Installing and running Cryoserver was a painless and hassle free experience. Overhauling the council’s privacy at work policy took a lot more time gaining endorsement from all parts of the council, but the end result is a combination of technology and policy that puts Guildford Borough Council in a very strong position. It’s Joan Poole’s opinion that other councils are soon going to have to adopt such an approach. “I think it’s a route that they’re all going to have to go down,” says Joan.