Ian Welton [mailto:[log in to unmask]] asks:
> This does raise rather an interesting point.
>
> How can organisations adequately secure hard copy, or
> floppy disk type material?
It requires a disciplined approach, perhaps something along the lines of:
1. The computer system needs to be setup so that printouts of sensitive data
can only appear on a dedicated printer located in a secure area (same as you
do for printing on cheques and other controlled stationery). Perhaps special
non-photocopiable paper is used? Obviously the need for printouts of
sensitive data should be reviewed, so that they are not produced unless
there is a real need.
2. Each printout is immediately put into secure storage, where it is placed
in a red (or otherwise easily identifiable) folder and given a unique
identifier.
3. Every time the printout is removed from the secure storage, an individual
takes personal responsibility for it. Usually there are rules about where
such things can be stored overnight, whether they can be removed from the
premises, who they can be shown to, etc.
4. When returned, the printout is checked to ensure it is complete, and
signed back in.
In an ideal world, where organisations seek to comply with BS7799 or other
information security standard, this is all described with in the Protective
Marking policy and procedures document.
With regards to sensitive information stored on magnetic media that may be
taken outside of the secure computer suite, the use of encryption should be
considered mandatory.
--
Graham Smith
> -----Original Message-----
> From: Ian Welton [mailto:[log in to unmask]]
> Sent: Sunday, December 16, 2001 11:52 AM
> To: 'Graham Smith'
> Subject: RE: As this was mentioned earlier this year, I thought people
> might be interested in knowing the outcome.
>
> This does raise rather an interesting point.
>
> How can organisations adequately secure hard copy, or floppy disk type
> material?
>
> Ian W.
>
> > -----Original Message-----
> > From: This list is for those interested in Data Protection issues
> > [mailto:[log in to unmask]]On Behalf Of Graham Smith
> > Sent: 15 December 2001 03:33
> > To: [log in to unmask]
> > Subject: As this was mentioned earlier this year, I thought
> > people might be interested in knowing the outcome.
> >
> >
> > POLICE INQUIRY INTO SEX REGISTER IS DROPPED
> >
> > Lincolnshire Echo 10:30 - 13 December 2001
> >
> > A POLICE inquiry into how a confidential list of 204
> > convicted sex offenders ended up in a supermarket
> > car park has proved inconclusive.
> >
> > Four months after the personal details of the sex
> > offenders were found wrapped in newspaper in
> > Lincoln's Wragby Road Tesco car park, Lincolnshire
> > Police have ended its investigation. Superintendent
> > Mark Marsden, head of the force's complaints and
> > misconduct department, said the inquiry closed
> > yesterday.
> >
> > As revealed in the Lincolnshire Echo on August 13, the
> > document was found and handed to a national newspaper.
> >
> > The information was a print-out of data held on
> > computer files in the police criminal justice
> > department at force headquarters in Nettleham.
> >
> > Supt Marsden said: "We have been unable to establish
> > how the document left the possession of Lincolnshire
> > Police. This is largely due to the fact that the
> > document was produced in October 2000, allegedly
> > discovered in the car park in April this year,
> > then not handed to the paper until August."
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|