Roland Perry wrote:

[log in to unmask]" type="cite">In message <[log in to unmask]>, at 22:53:11 on Mon, 17 Nov 2008, Tim Trent <[log in to unmask]> writes
>>Encrypting the data is a bit of red herring, if the user decrypts the >>memory stick or CD onto their home PC, at which point it's free to >>escape again.

We are talking, though, about the casual imbecile who leaves the data lying around and loses it, not about malicious or nefarious data theft. You cannot stop theft by encryption, no. And use of the organisation's data on one's home device is nefarious use of that data

If you are taking data home (a practice I'm trying to get people to think more carefully about) then you need to be able to process the data at home. That's why you took it home.

So the data is likely to end up being loaded onto the home PC, and that starts the cycle of "casual imbecility" as you put it, all over again.

>At present especially, with massive job losses around the corner, the >threat of summary dismissal for removing data form site on an >unauthorised device and thus no hope of getting another job for a >substantial time would concentrate most people's minds. And those >whose minds are not concentrated by it would be better out of work.

Conversely, one of the main incentives to take data home to work on it is in order to be seen to be "delivering" more. As people's jobs become less secure, there's even more incentive to do that particular kind of overtime.

But not on your own personal non organisation supplied equipment. That is the point.

Tim Trent - Consultant
Tel: +44 (0)7710 126618
web: ComplianceAndPrivacy.com - where busy executives go to find the news first
personal blog: timtrent.blogspot.com/

Important: This message is private and confidential. If you have received this message in error, please notify us and remove it from your system. This email and any attachment(s) are believed to be virus-free, but it is the responsibility of the recipient to make all the necessary virus checks. This email and any attachments to it are copyright of Meadowood Associates, owners of Compliance And Privacy, unless otherwise stated. Their copying, transmission, reproduction in whole or in part may only be undertaken with the express permission, in writing, of Meadowood Associates, at Meadowood House, 30 Redditch, Bracknell, Berkshire, RG12 0TT.

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

Leaving this list: send leave data-protection to [log in to unmask]
Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask]
To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask]
To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask]

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)