Lee,
Many organisations have issues with banning removable media due to the fact that people have got used to them as a
way of working. However, there is no excuse for not having a level of control and, for example, implementing
encrypted USb sticks. There are software products available that can stop unauthorised hardware being used and
these are important in the "fight against apathy"!
As for emails being intercepted, I think this is a prime candidate for carefully considering the risks versus the
confidentiality of the information being transferred. I would never allow person or confidential information to be
sent in a "plain" email. Not because of interception (which is a very small risk), but because of human error.
In the Government there are a plethora of "secure" networks (nhs.net, PNN, GSI etc etc etc), but they all have one
difficult to remove flaw - humans. These networks are only secure if you send an email from one secure email
address to another and if you send from for example pnn to gsi, you have to be sure that there is a secure link
otherwise it will hit the open web.
The human factor comes in when people say it's OK to send confidential information on these secure networks without
any other security - DON'T! It only takes a slip of the mouse, finger etc for you to send to the wrong person. For
example selecting from your address book for John Smith but you meant to send it to John.Smith2@... because of
this regardless of the network status you must still encrypt information that you would expect to be kept
confidential - it's simply good business practice.
Until human error can be erradicated then my view is that a secure network is great, but it needs another level of
security not just the reliance on the network integrity itself and the possibility that no one will cock it up at
some point....
Simon Howarth.
Quoting "Henley, Lee" <[log in to unmask]>:
> Can I ask the following please in relation to the high profile breaches of
> data protection/information security.
>
> 1.Has any organisation banned the storing of personal data on portable
> devices such as laptops and memory (USB) sticks or is this allowed if
> documents are password protected?
>
> 2. Due to the risks of external emails being intercepted whilst in transit
> what measures/controls have organisations put in place regarding the emailing
> of personal data outside of the organisation?
>
> Regards
>
> Lee Henley
> Information Manager
> Telephone: (01375) 652500
> Mobile - 07780 730944
> [log in to unmask]
>
>
>
> The information in this e-mail and any attachment(s) are intended to be
> confidential and may be legally privileged. Access to and use of its content
> by anyone else other than the addressee(s) may be unlawful and will not be
> recognised by Thurrock Council for business purposes. If you have received
> this message by mistake, please notify the sender immediately, delete it and
> do not copy it to anyone else. Thurrock Council cannot accept any
> responsibility for the accuracy or completeness of this message as it has
> been transmitted over a public network.
>
> Any opinions expressed in this document are those of the author and do not
> necessarily reflect the opinions of Thurrock Council.
>
> Any attachment(s) to this message has been checked for viruses, but please
> rely on your own virus checker and procedures.
>
> Senders and recipients of e-mail should be aware that under the UK Data
> Protection and Freedom of Information legislation these contents may have to
> be disclosed in response to a request.
>
> All e-mail sent to or from this address will be processed by Thurrock
> Council's corporate e-mail system and may be subject to scrutiny by someone
> other than the addressee.
> ____________________________________________________________________
> This message has been checked for all known viruses by the MessageLabs Virus
> Control Centre. For further information visit
> http://www.messagelabs.com/stats.asp
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the list
> owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your
> needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
--
Simon Howarth
The Information Edge
37 The Grange
Cottam
Preston
PR4 0LR
Office: 0870 991 3696
Mobile: 07836 365588
Webtech Systems trading as The Information Edge, registered in England No.
3428632. More information available at www.informationedge.co.uk
-------------------------------------------------
Visit Pipex Business: The homepage for UK Small Businesses
Go to http://www.pipex.co.uk/business-services
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
