Yes, the briefcase has been the subject of much debate here this morning (what an exciting life we lead). It would be interesting to know if this had any bearing on the decisions made. Having said that, I would suggest that the "lockability" of the case is not relevant as any thief would just grab the case and jemmy it open later anyway. However, I could imagine that the type of case might be more relevant (but only just). A laptop bag is more likely to contain a laptop than, say, a traditional briefcase and so they may have gone for the most likely container to hold something of value. Having said that we are often reminded to carry laptops in more innocuous bags to attract less attention, on the basis maybe that scumbags (that's thieves, not the latest designer case) will be less likely to go for a non-laptop bag. Outside this might be relevant, but in a secure environment that has been breached? Not sure, myself. Simon Howarth MBCS CITP www.informationedge.co.uk From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Powell, Andrew Sent: 18 April 2012 10:19 To: [log in to unmask] Subject: Re: [data-protection] Leicestershire CC Undertaking At first reading, it does look harsh. Providing that their procedures themselves are adequate and these have been properly followed it's difficult to see where the reprehensible conduct is - irrespective of how tight your procedures are, you can't eliminate the possibility of loss or theft. That in itself is perhaps a cautionary tale about homeworking. I suspect that this particular instance might turn on the the 'briefcase' itself. If it's a spinlock or equivalent and was closed at the time of the burglary, then it would be difficult to see that there was any fault on the part of the authority. If however the briefcase was unlocked, or a key was left in, or it was simply fastened with a clasp, then I can see that there would be a question of whether appropriate security measures had been taken. Andrew Powell Information Management Officer Corporate Information Management Team [log in to unmask] From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Simon Howarth Sent: 18 April 2012 09:59 To: [log in to unmask] Subject: [data-protection] Leicestershire CC Undertaking This undertaking has just been released - http://www.ico.gov.uk/news/latest_news/2012/leicestershire-county-council-in -data-breach-17042012.aspx Regardless of the training that the social worker did or didn't have, what else could be done? This has ramifications for people working from home in all sectors. Does the ICO expect everyone to have a "secure area" within their secure area (their home)? Is keeping them in a briefcase in a secure area (their home) not sufficient? Is the undertaking simply that they weren't trained and the policy didn't refer to paper records specifically? If so, what would these two things having been in place done to change the outcome of a burglary where the "thieves made a determined attempt to gain access to the property"? Or is there more to this case than has been published? I wonder what others views are on this. Simon Howarth. _____ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format): * Leaving this list: send leave data-protection to [log in to unmask] <mailto:[log in to unmask]&BODY=LEAVE%20data-protection> * Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask] <mailto:[log in to unmask]&BODY=SET%20*%20NOMAIL> * To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask] <mailto:[log in to unmask]&BODY=SET%20data-protection%20NOHTML> * To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask] <mailto:[log in to unmask]&BODY=SET%20data-protection%20HTML> All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask] Any queries about sending or receiving messages please send to the list owner [log in to unmask] (Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline) _____ IMPORTANT: Confidentiality: This email and its attachments are intended for the above named only and may be confidential. If they have come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please reply to this email and highlight the error. Please visit the Council's website at: www.wandsworth.gov.uk _____ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format): * Leaving this list: send leave data-protection to [log in to unmask] <mailto:[log in to unmask]&BODY=LEAVE%20data-protection> * Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask] <mailto:[log in to unmask]&BODY=SET%20*%20NOMAIL> * To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask] <mailto:[log in to unmask]&BODY=SET%20data-protection%20NOHTML> * To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask] <mailto:[log in to unmask]&BODY=SET%20data-protection%20HTML> All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask] Any queries about sending or receiving messages please send to the list owner [log in to unmask] (Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline) _____ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving messages please send to the list owner [log in to unmask] Full help Desk - please email [log in to unmask] describing your needs To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^