JISCMail - DATA-PROTECTION Archives

I accept that such a system would have an impact on any organisation that
does not currently treat personal data as being confidential. But it isn't
really that onerous, provided that: (a) you have a well-run registry
function; and (b) management are committed to following the procedures.

Also I would point out that this advice was in the context of how a folder
that allegedly contained names, current and previous addresses, dates of
birth, arrest records and previous convictions for a number of people who
had been considered as possible suspects in a paedophile (child sex) enquiry
could have found its way out of Lincolnshire Police's Criminal Justice Unit
without its loss being noticed, until it was apparently found in a local
supermarket.

--
Graham Smith

> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]]On Behalf Of Robert (Bob) Waixel
> Sent: Sunday, December 16, 2001 6:37 PM
> To: [log in to unmask]
> Subject: Re: Protective Marking Schemes
>
>
> Graham
> Surely it depends on the 'sensitivity' of the sensitive data?
> Such steps would only be appropriate for the /most' sensitive of
> sensitive data.
>
> In most cases such a procedure would bring most organisations to
> a shuddering
> halt (if they weren't there already).
>
> EVERY organisation processes SOME sensitive data, even if it is
> 'only' in the
> context of employment contracts and/or sickness/absence.
>
> BoB W.
>
> Graham Smith wrote:
>
> > Ian Welton [mailto:[log in to unmask]] asks:
> >
> > > This does raise rather an interesting point.
> > >
> > > How can organisations adequately secure hard copy, or
> > > floppy disk type material?
> >
> > It requires a disciplined approach, perhaps something along the
> lines of:
> >
> > 1. The computer system needs to be setup so that printouts of
> sensitive data
> > can only appear on a dedicated printer located in a secure area
> (same as you
> > do for printing on cheques and other controlled stationery).
> Perhaps special
> > non-photocopiable paper is used? Obviously the need for printouts of
> > sensitive data should be reviewed, so that they are not produced unless
> > there is a real need.
> >
> > 2. Each printout is immediately put into secure storage, where
> it is placed
> > in a red (or otherwise easily identifiable) folder and given a unique
> > identifier.
> >
> > 3. Every time the printout is removed from the secure storage,
> an individual
> > takes personal responsibility for it. Usually there are rules
> about where
> > such things can be stored overnight, whether they can be
> removed from the
> > premises, who they can be shown to, etc.
> >
> > 4. When returned, the printout is checked to ensure it is complete, and
> > signed back in.
> >
> > In an ideal world, where organisations seek to comply with
> BS7799 or other
> > information security standard, this is all described with in
> the Protective
> > Marking policy and procedures document.
> >
> > With regards to sensitive information stored on magnetic media
> that may be
> > taken outside of the secure computer suite, the use of
> encryption should be
> > considered mandatory.
> >
> > --
> > Graham Smith
> >
> > > -----Original Message-----
> > > From: Ian Welton [mailto:[log in to unmask]]
> > > Sent: Sunday, December 16, 2001 11:52 AM
> > > To: 'Graham Smith'
> > > Subject: RE: As this was mentioned earlier this year, I thought people
> > > might be interested in knowing the outcome.
> > >
> > > This does raise rather an interesting point.
> > >
> > > How can organisations adequately secure hard copy, or floppy disk type
> > > material?
> > >
> > > Ian W.
> > >
> > > > -----Original Message-----
> > > > From: This list is for those interested in Data Protection issues
> > > > [mailto:[log in to unmask]]On Behalf Of Graham Smith
> > > > Sent: 15 December 2001 03:33
> > > > To: [log in to unmask]
> > > > Subject: As this was mentioned earlier this year, I thought
> > > > people might be interested in knowing the outcome.
> > > >
> > > >
> > > > POLICE INQUIRY INTO SEX REGISTER IS DROPPED
> > > >
> > > > Lincolnshire Echo 10:30 - 13 December 2001
> > > >
> > > > A POLICE inquiry into how a confidential list of 204
> > > > convicted sex offenders ended up in a supermarket
> > > > car park has proved inconclusive.
> > > >
> > > > Four months after the personal details of the sex
> > > > offenders were found wrapped in newspaper in
> > > > Lincoln's Wragby Road Tesco car park, Lincolnshire
> > > > Police have ended its investigation. Superintendent
> > > > Mark Marsden, head of the force's complaints and
> > > > misconduct department, said the inquiry closed
> > > > yesterday.
> > > >
> > > > As revealed in the Lincolnshire Echo on August 13, the
> > > > document was found and handed to a national newspaper.
> > > >
> > > > The information was a print-out of data held on
> > > > computer files in the police criminal justice
> > > > department at force headquarters in Nettleham.
> > > >
> > > > Supt Marsden said: "We have been unable to establish
> > > > how the document left the possession of Lincolnshire
> > > > Police. This is largely due to the fact that the
> > > > document was produced in October 2000, allegedly
> > > > discovered in the car park in April this year,
> > > > then not handed to the paper until August."
> > >
> >
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >     If you wish to leave this list please send the command
> >        leave data-protection to [log in to unmask]
> >             All user commands can be found at : -
> >     www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> > all commands go to [log in to unmask] not the list please!
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> --
> -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> -- Robert (Bob) Waixel
> -- Snr. Lecturer  - Computer Science
> -- Pathway Leader - Combined Honours
> -- AP(E)L advisor - Computer Science
> --                                       email: <[log in to unmask]>
> -- School of Applied Sciences
> -- Room 337J,   Bryant Building,
> -- Anglia Polytechnic University,
> -- East Road,     Tel: +44 (0) 1223 363271 x 2342
> -- Cambridge, CB1 1PT,  UK              Fax: +44 (0) 1223 417712
> --
> -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> -- Emailing from Home - (using DAN, Win98, BT Pay as you Pay)
> --  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -
> -- To err is human. To really foul things up ... you need a computer.
> -- Schlimmbesserung:  An improvement that makes matters worse.
> -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>     If you wish to leave this list please send the command
>        leave data-protection to [log in to unmask]
>             All user commands can be found at : -
>     www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> all commands go to [log in to unmask] not the list please!
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
    www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^