T 3.1 Loss of data confidentiality/integrity as a result of IT user error

Through erroneous actions, IT users can cause or allow loss of data confidentiality/integrity. The consequential damage depends on the sensitivity of the data involved. Examples of such erroneous actions are

• Accidental print-outs containing personal data are not fetched by staff members from the network printer.

• Floppy disks are dispatched without a physical deletion of previously stored data.

• Due to incorrectly administered access rights, a staff member can modify data without being able to assess the critical impact of such a violation of integrity.

• New software is tested using non-anonymous data. Unauthorised staff members thus have access to protected files or confidential information. It is also possible that third parties could have access to this information if the disposal of "test printouts" is not handled correctly