I’ve been asked to create a website to allow people to email from our server to a specific consultation response. In the past when i’ve done this i’ve stored peoples responses along with their IP address as they can edit the email being sent and although it looks like it came from whatever email address they put in obviously it could be traced back to our server.
My question is do i have a duty of care to store these details in case someone abuses the systems and sends abusive/threatening emails for example? Is there a legal responsibility or can I just say it’s not up to us to police what is sent?
At the moment i’m being told not to bother as if we don’t know what is sent we aren’t responsible for it. But this seems wrong to me.
anybody know the legalities of this (UK)