Graham
Surely it depends on the 'sensitivity' of the sensitive data?
Such steps would only be appropriate for the /most' sensitive of sensitive data.
In most cases such a procedure would bring most organisations to a shuddering
halt (if they weren't there already).
EVERY organisation processes SOME sensitive data, even if it is 'only' in the
context of employment contracts and/or sickness/absence.
BoB W.
Graham Smith wrote:
> Ian Welton [mailto:[log in to unmask]] asks:
>
> > This does raise rather an interesting point.
> >
> > How can organisations adequately secure hard copy, or
> > floppy disk type material?
>
> It requires a disciplined approach, perhaps something along the lines of:
>
> 1. The computer system needs to be setup so that printouts of sensitive data
> can only appear on a dedicated printer located in a secure area (same as you
> do for printing on cheques and other controlled stationery). Perhaps special
> non-photocopiable paper is used? Obviously the need for printouts of
> sensitive data should be reviewed, so that they are not produced unless
> there is a real need.
>
> 2. Each printout is immediately put into secure storage, where it is placed
> in a red (or otherwise easily identifiable) folder and given a unique
> identifier.
>
> 3. Every time the printout is removed from the secure storage, an individual
> takes personal responsibility for it. Usually there are rules about where
> such things can be stored overnight, whether they can be removed from the
> premises, who they can be shown to, etc.
>
> 4. When returned, the printout is checked to ensure it is complete, and
> signed back in.
>
> In an ideal world, where organisations seek to comply with BS7799 or other
> information security standard, this is all described with in the Protective
> Marking policy and procedures document.
>
> With regards to sensitive information stored on magnetic media that may be
> taken outside of the secure computer suite, the use of encryption should be
> considered mandatory.
>
> --
> Graham Smith
>
> > -----Original Message-----
> > From: Ian Welton [mailto:[log in to unmask]]
> > Sent: Sunday, December 16, 2001 11:52 AM
> > To: 'Graham Smith'
> > Subject: RE: As this was mentioned earlier this year, I thought people
> > might be interested in knowing the outcome.
> >
> > This does raise rather an interesting point.
> >
> > How can organisations adequately secure hard copy, or floppy disk type
> > material?
> >
> > Ian W.
> >
> > > -----Original Message-----
> > > From: This list is for those interested in Data Protection issues
> > > [mailto:[log in to unmask]]On Behalf Of Graham Smith
> > > Sent: 15 December 2001 03:33
> > > To: [log in to unmask]
> > > Subject: As this was mentioned earlier this year, I thought
> > > people might be interested in knowing the outcome.
> > >
> > >
> > > POLICE INQUIRY INTO SEX REGISTER IS DROPPED
> > >
> > > Lincolnshire Echo 10:30 - 13 December 2001
> > >
> > > A POLICE inquiry into how a confidential list of 204
> > > convicted sex offenders ended up in a supermarket
> > > car park has proved inconclusive.
> > >
> > > Four months after the personal details of the sex
> > > offenders were found wrapped in newspaper in
> > > Lincoln's Wragby Road Tesco car park, Lincolnshire
> > > Police have ended its investigation. Superintendent
> > > Mark Marsden, head of the force's complaints and
> > > misconduct department, said the inquiry closed
> > > yesterday.
> > >
> > > As revealed in the Lincolnshire Echo on August 13, the
> > > document was found and handed to a national newspaper.
> > >
> > > The information was a print-out of data held on
> > > computer files in the police criminal justice
> > > department at force headquarters in Nettleham.
> > >
> > > Supt Marsden said: "We have been unable to establish
> > > how the document left the possession of Lincolnshire
> > > Police. This is largely due to the fact that the
> > > document was produced in October 2000, allegedly
> > > discovered in the car park in April this year,
> > > then not handed to the paper until August."
> >
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> all commands go to [log in to unmask] not the list please!
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
--
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-- Robert (Bob) Waixel
-- Snr. Lecturer - Computer Science
-- Pathway Leader - Combined Honours
-- AP(E)L advisor - Computer Science
-- email: <[log in to unmask]>
-- School of Applied Sciences
-- Room 337J, Bryant Building,
-- Anglia Polytechnic University,
-- East Road, Tel: +44 (0) 1223 363271 x 2342
-- Cambridge, CB1 1PT, UK Fax: +44 (0) 1223 417712
--
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-- Emailing from Home - (using DAN, Win98, BT Pay as you Pay)
-- - - - - - - - - - - - - - - - - - - - - - -
-- To err is human. To really foul things up ... you need a computer.
-- Schlimmbesserung: An improvement that makes matters worse.
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|