I accept that such a system would have an impact on any organisation that does not currently treat personal data as being confidential. But it isn't really that onerous, provided that: (a) you have a well-run registry function; and (b) management are committed to following the procedures. Also I would point out that this advice was in the context of how a folder that allegedly contained names, current and previous addresses, dates of birth, arrest records and previous convictions for a number of people who had been considered as possible suspects in a paedophile (child sex) enquiry could have found its way out of Lincolnshire Police's Criminal Justice Unit without its loss being noticed, until it was apparently found in a local supermarket. -- Graham Smith > -----Original Message----- > From: This list is for those interested in Data Protection issues > [mailto:[log in to unmask]]On Behalf Of Robert (Bob) Waixel > Sent: Sunday, December 16, 2001 6:37 PM > To: [log in to unmask] > Subject: Re: Protective Marking Schemes > > > Graham > Surely it depends on the 'sensitivity' of the sensitive data? > Such steps would only be appropriate for the /most' sensitive of > sensitive data. > > In most cases such a procedure would bring most organisations to > a shuddering > halt (if they weren't there already). > > EVERY organisation processes SOME sensitive data, even if it is > 'only' in the > context of employment contracts and/or sickness/absence. > > BoB W. > > Graham Smith wrote: > > > Ian Welton [mailto:[log in to unmask]] asks: > > > > > This does raise rather an interesting point. > > > > > > How can organisations adequately secure hard copy, or > > > floppy disk type material? > > > > It requires a disciplined approach, perhaps something along the > lines of: > > > > 1. The computer system needs to be setup so that printouts of > sensitive data > > can only appear on a dedicated printer located in a secure area > (same as you > > do for printing on cheques and other controlled stationery). > Perhaps special > > non-photocopiable paper is used? Obviously the need for printouts of > > sensitive data should be reviewed, so that they are not produced unless > > there is a real need. > > > > 2. Each printout is immediately put into secure storage, where > it is placed > > in a red (or otherwise easily identifiable) folder and given a unique > > identifier. > > > > 3. Every time the printout is removed from the secure storage, > an individual > > takes personal responsibility for it. Usually there are rules > about where > > such things can be stored overnight, whether they can be > removed from the > > premises, who they can be shown to, etc. > > > > 4. When returned, the printout is checked to ensure it is complete, and > > signed back in. > > > > In an ideal world, where organisations seek to comply with > BS7799 or other > > information security standard, this is all described with in > the Protective > > Marking policy and procedures document. > > > > With regards to sensitive information stored on magnetic media > that may be > > taken outside of the secure computer suite, the use of > encryption should be > > considered mandatory. > > > > -- > > Graham Smith > > > > > -----Original Message----- > > > From: Ian Welton [mailto:[log in to unmask]] > > > Sent: Sunday, December 16, 2001 11:52 AM > > > To: 'Graham Smith' > > > Subject: RE: As this was mentioned earlier this year, I thought people > > > might be interested in knowing the outcome. > > > > > > This does raise rather an interesting point. > > > > > > How can organisations adequately secure hard copy, or floppy disk type > > > material? > > > > > > Ian W. > > > > > > > -----Original Message----- > > > > From: This list is for those interested in Data Protection issues > > > > [mailto:[log in to unmask]]On Behalf Of Graham Smith > > > > Sent: 15 December 2001 03:33 > > > > To: [log in to unmask] > > > > Subject: As this was mentioned earlier this year, I thought > > > > people might be interested in knowing the outcome. > > > > > > > > > > > > POLICE INQUIRY INTO SEX REGISTER IS DROPPED > > > > > > > > Lincolnshire Echo 10:30 - 13 December 2001 > > > > > > > > A POLICE inquiry into how a confidential list of 204 > > > > convicted sex offenders ended up in a supermarket > > > > car park has proved inconclusive. > > > > > > > > Four months after the personal details of the sex > > > > offenders were found wrapped in newspaper in > > > > Lincoln's Wragby Road Tesco car park, Lincolnshire > > > > Police have ended its investigation. Superintendent > > > > Mark Marsden, head of the force's complaints and > > > > misconduct department, said the inquiry closed > > > > yesterday. > > > > > > > > As revealed in the Lincolnshire Echo on August 13, the > > > > document was found and handed to a national newspaper. > > > > > > > > The information was a print-out of data held on > > > > computer files in the police criminal justice > > > > department at force headquarters in Nettleham. > > > > > > > > Supt Marsden said: "We have been unable to establish > > > > how the document left the possession of Lincolnshire > > > > Police. This is largely due to the fact that the > > > > document was produced in October 2000, allegedly > > > > discovered in the car park in April this year, > > > > then not handed to the paper until August." > > > > > > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > If you wish to leave this list please send the command > > leave data-protection to [log in to unmask] > > All user commands can be found at : - > > www.jiscmail.ac.uk/user-manual/summary-user-commands.htm > > all commands go to [log in to unmask] not the list please! > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > -- > -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > -- Robert (Bob) Waixel > -- Snr. Lecturer - Computer Science > -- Pathway Leader - Combined Honours > -- AP(E)L advisor - Computer Science > -- email: <[log in to unmask]> > -- School of Applied Sciences > -- Room 337J, Bryant Building, > -- Anglia Polytechnic University, > -- East Road, Tel: +44 (0) 1223 363271 x 2342 > -- Cambridge, CB1 1PT, UK Fax: +44 (0) 1223 417712 > -- > -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > -- Emailing from Home - (using DAN, Win98, BT Pay as you Pay) > -- - - - - - - - - - - - - - - - - - - - - - - > -- To err is human. To really foul things up ... you need a computer. > -- Schlimmbesserung: An improvement that makes matters worse. > -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > If you wish to leave this list please send the command > leave data-protection to [log in to unmask] > All user commands can be found at : - > www.jiscmail.ac.uk/user-manual/summary-user-commands.htm > all commands go to [log in to unmask] not the list please! > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - www.jiscmail.ac.uk/user-manual/summary-user-commands.htm all commands go to [log in to unmask] not the list please! ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^