Phil, The problem with what you have said is that risk assessment is a subjective thing for every organisation (and even for parts of an organisation). There is no such thing as a definitive answer. In each case the risk of data loss has to be balanced against the cost of implementing it and the problems that implementing it will cause. In many cases the answer will come out to be that endpoint security software should be implemented, but not in every case. Regards Donald Henderson Information Compliance Manager Perth & Kinross Council -----Original Message----- From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Phil Bradshaw Sent: 21 November 2008 17:10 To: [log in to unmask] Subject: Re: [data-protection] How to Take Data Security Seriously Given the history of the last 12 months or so , and setting aside the araldite solution, does anyone agree with the proposition that failure to implement appropriate endpoint security software giving policy based granular control of what data can be transferred to portable media (and who by) must now be regarded as a breach of DP principle 7 ? ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving messages please send to the list owner [log in to unmask] Full help Desk - please email [log in to unmask] describing your needs To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Securing the future... - Improving services - Enhancing quality of life - Making best use of public resources. The information in this email is solely for the intended recipients. If you are not an intended recipient, you must not disclose, copy, or distribute its contents or use them in any way: please advise the sender immediately and delete this email. Perth & Kinross Council does not warrant that this email or any attachments are virus-free and does not accept any liability for any loss or damage resulting from any virus infection. Perth & Kinross Council may monitor or examine any emails received by its email system. The information contained in this email may not be the views of Perth & Kinross Council. It is possible for email to be falsified and the sender cannot be held responsible for the integrity of the information contained in it. Requests to Perth & Kinross Council under the Freedom of Information (Scotland) Act should be directed to the Freedom of Information Team - email: [log in to unmask] General enquiries should be made to [log in to unmask] or 01738 475000. Securing the future... - Improving services - Enhancing quality of life - Making best use of public resources. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving messages please send to the list owner [log in to unmask] Full help Desk - please email [log in to unmask] describing your needs To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^