On leaving hospital as a visitor, this sign was adjacent to the door and targeted at staff... an Information Security Warning.
"Staff must not take patient or staff data out of the building unless:
- Authroised to do so
- It is carries in a zipped/locked bag or
- It is electronically tagged".
On closer inspection of the three bullet points it can raise some questions...whether all or only some of the three apply.
1. "Authorised to do so" - that's clear enough and seems mandatory to comply.
2. "It is carried in a zipped/locked bag or" - it would appear that zipped/locked are alternatives which implies zipped or locked. And there's now an explicit "or" which relates the the third bullet point....
3. "It is electronically encrypted" - in which case it need not be in a zipped or locked bag.
So it would appear that bullet one would need to apply, but then only one of the second or third bullets points. In reality the third bullet is really part of the second. So the first bullet is about permission and the second about the mechanism....should only be two bullets really.
So we've checked....We have some papers in a zipped bag. Phew.
At this point the requirements are different....now it has to be a locked rather than permitting a zipped bag.....Oh dear, we've become non-complaint as we've walked across the car park.
