| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 1055.1 | | MARVIN::COCKBURN | SCOTLAND 13, England 7 !!! | Thu Mar 22 1990 03:44 | 11 |
| > <<< Note 1055.0 by HANDVC::SIMONSZETO "Simon Szeto @HGO, Hongkong" >>>
> -< White envelopes >-
> Maybe nobody gets burned by this sloppy practice in the US, I don't know.
> But let me tell you, if you should ever send stuff outside the US and
> it's confidential, please, please use the blue envelopes marked
> "CONFIDENTIAL (To be opened by addressee only.)"
Blue?
In the UK these envelopes are brown! So much for corporate standards....
Craig
|
| 1055.2 | Brown is US also | AUNTB::WARNOCK | Todd Warnock @CBO | Thu Mar 22 1990 06:56 | 1 |
| re: .1 Ditto US (or at least SC) - ours are also brown...
|
| 1055.3 | not necessarily equal | MPGS::MCCLURE | Why Me??? | Thu Mar 22 1990 08:19 | 14 |
| My understanding is that the color of the envelpe is not really
important. What is important is that it is properly labeled. If
the envelope contains material that should only be seen by the
addressee, it should be labeled "To Be Opened by Addressee Only."
The classification of the material in the envelope is a seperate
matter. This classification (IUO, Personal,Confidential,Restricted
Dis), may or may not be marked on the envelope along with the
addressee only marking. To my mind, leaving an envelope marked
with the security classification in plain sight is asking for
trouble. The 'to be opened by' label will attract less attention
by casual observers and, as long as the contents are appropriately
labeled, should not be a security violation.
Bob Mc
|
| 1055.4 | | COVERT::COVERT | John R. Covert | Thu Mar 22 1990 13:54 | 7 |
| re .3
The official rules are that there be an inner envelope with the "to be
opened by addressee only" and "Personnel Confidential" labels.
This envelope is placed in an outer envelope with no special markings.
/john
|
| 1055.5 | Personnel Confidential? | DEC25::BRUNO | Stoic and smug | Thu Mar 22 1990 14:40 | 11 |
| Hmm, I've never even heard of that classification. Around here,
all we have are:
DIGITAL INTERNAL USE ONLY
DIGITAL CONFIDENTIAL
DIGITAL PERSONAL
DIGITAL RESTRICTED DISTRIBUTION
I didn't know they were different in different locations.
Greg
|
| 1055.6 | Delete before reading | SDSVAX::SWEENEY | Patrick Sweeney in New York | Thu Mar 22 1990 14:52 | 3 |
| Someone once asked me to give them a copy of something I had received
with RESTRICTED DISTRIBUTION markings, I said I could, but then I'd
have to kill you.
|
| 1055.7 | Quill Pens too ? | JUMBLY::DAY | No Good Deed Goes Unpunished | Thu Mar 22 1990 16:52 | 4 |
| I presume you guys have heard of electronic mail ? -) -)
Mike Day
|
| 1055.8 | | HGABSS::SZETO | Simon Szeto @HGO, Hongkong | Thu Mar 22 1990 22:48 | 17 |
| Yes, the proper classification these days is "Digital Personal" but I
used the older terminology (shame on me). Anyway, the point of all
this is that this stuff should have been double-wrapped inside the
white envelope, and the inside should be marked "Digital Personal" and
"To be opened by addressee only."
In re the blue envelopes. Yes, over here they are blue (probably even
"Digital blue") and they look otherwise like the brown inter-
departmental correspondence envelopes except for the labelling:
CONFIDENTIAL [in red] (To be opened by addressee only.)
And they don't have six see-through holes punched through the envelope.
They are exactly the same size as the normal brown ones and so can't
fit in them. I don't know if these envelopes violate the letter of the
policy or not, since they are obviously confidential-looking.
--Simon
|
| 1055.9 | 'European Guide'!!!!!! | JGO::EVANS | | Fri Mar 23 1990 03:53 | 19 |
| re outer envelopes
In the "official" security awareness course for digital employees
booklet that we all recently received here in Nijmegen there was
a guide (for europe) to protecting company info.
For the categories :-
DIGITAL RESTRICTED
DIGITAL CONFIDENTIAL
DIGITAL PERSONAL
we are told to use two envelopes:-
The outer envelope should be "not transparent". Only name and address,
no further indication.
j.e.
by the way - the above is my best translation from dutch to english.
|
| 1055.10 | Trivial? Maybe... | DEC25::BRUNO | Stoic and smug | Fri Mar 23 1990 08:39 | 12 |
| RE: <<< Note 1055.8 by HGABSS::SZETO "Simon Szeto @HGO, Hongkong" >>>
>Yes, the proper classification these days is "Digital Personal" but I
>used the older terminology (shame on me). Anyway...
This is not as trivial a matter as it may seem. There is a
question as to whether or not a person could be disciplined for
violating the confidentiality of an message marked with a label which
is not an official Digital information classification.
Greg
|
| 1055.11 | Give me a break today, McDigital | 11SRUS::SAVAGE | Neil @ Spit Brook | Fri Mar 23 1990 12:21 | 5 |
| What's the purpose, or rationale, of double-wrapping? Seems like an
excess to me, Aren't we filling our land with waste paper fast enough?
Is it security? Since when has anyone had more of a problem getting
through two layers of paper than one?
|
| 1055.12 | | TLE::HETRICK | George C. Hetrick | Fri Mar 23 1990 18:30 | 15 |
| > <<< Note 1055.11 by 11SRUS::SAVAGE "Neil @ Spit Brook" >>>
> -< Give me a break today, McDigital >-
>
> Is it security? Since when has anyone had more of a problem getting
> through two layers of paper than one?
There is, of course, little extra difficulty in removing a second level of
envelope. But the purpose in having the plain outside wrapper is to make the
important mail look just like all the other mail, thus providing security via
obscurity. The inside wrapper is to prevent a secretary (for example) who opens
a managers mail from inadvertently seeing data they should not.
An information thief who was willing to open all the mail in the ZK mailroom
would find all the confidential info, but a casual thief could not, and that's
all this sort of thing is intended to stop.
|
| 1055.13 | Issue of personal privacy | BSS::C_BOUTCHER | | Fri Mar 30 1990 06:13 | 19 |
| Regardless if the envelop was marked according to "Digital Standards",
or marked in any other fashion that would indicate the material to be
confidential, the issue would involve the violation of the recipient's
privacy - unless the individual were normally assigned to read the
"non-confidential" mail (ie. secretary normally assigned to open and
distribute mail).
This would dictate that some form of diciplinary action be taken
against the individual gaining access to information to which they
were not privy. This may or may not include termination depending upon
the circumstances involved. It could also open up issues of criminal
or civil violation of local, state or federal law depending upon your
location. I would assume the violators "intent" would play a big role
in determining possible actions to be taken, as well as the extent of
the damage caused to the recipient of the mail.
Some people may not deam this issue to be of a serious nature, but
issues around the violation of personal privacy should not be tolorated.
|