Phil,
The problem with what you have said is that risk assessment is a
subjective thing for every organisation (and even for parts of an
organisation). There is no such thing as a definitive answer. In each
case the risk of data loss has to be balanced against the cost of
implementing it and the problems that implementing it will cause.
In many cases the answer will come out to be that endpoint security
software should be implemented, but not in every case.
Regards
Donald Henderson
Information Compliance Manager
Perth & Kinross Council
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Phil Bradshaw
Sent: 21 November 2008 17:10
To: [log in to unmask]
Subject: Re: [data-protection] How to Take Data Security Seriously
Given the history of the last 12 months or so , and setting aside the
araldite solution, does anyone agree with the proposition that failure
to implement appropriate endpoint security software giving policy based
granular control of what data can be transferred to portable media (and
who by) must now be regarded as a breach of DP principle 7 ?
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user
commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Securing the future... - Improving services - Enhancing quality
of life - Making best use of public resources.
The information in this email is solely for the intended
recipients.
If you are not an intended recipient, you must not disclose,
copy, or distribute its contents or use them in any way: please
advise the sender immediately and delete this email.
Perth & Kinross Council does not warrant that this email or any
attachments are virus-free and does not accept any liability for
any loss or damage resulting from any virus infection. Perth &
Kinross Council may monitor or examine any emails received by its
email system.
The information contained in this email may not be the views of
Perth & Kinross Council. It is possible for email to be falsified
and the sender cannot be held responsible for the integrity of
the information contained in it.
Requests to Perth & Kinross Council under the Freedom of
Information (Scotland) Act should be directed to the Freedom of
Information Team - email: [log in to unmask]
General enquiries should be made to [log in to unmask] or 01738
475000.
Securing the future... - Improving services - Enhancing quality
of life - Making best use of public resources.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
