This undertaking has just been released - http://www.ico.gov.uk/news/latest_news/2012/leicestershire-county-council-in -data-breach-17042012.aspx Regardless of the training that the social worker did or didn't have, what else could be done? This has ramifications for people working from home in all sectors. Does the ICO expect everyone to have a "secure area" within their secure area (their home)? Is keeping them in a briefcase in a secure area (their home) not sufficient? Is the undertaking simply that they weren't trained and the policy didn't refer to paper records specifically? If so, what would these two things having been in place done to change the outcome of a burglary where the "thieves made a determined attempt to gain access to the property"? Or is there more to this case than has been published? I wonder what others views are on this. Simon Howarth. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving messages please send to the list owner [log in to unmask] Full help Desk - please email [log in to unmask] describing your needs To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^