The latest incident relating to the "terror files" being left on a train shows that in spite of, or despite, all the best technical controls, security awareness messages and everything else we do to preserve confidentiality, there will always be some muppet who thinks the rules don't apply to him.
There's little we can really do about it except acknowledge the risk. The results of my thirty second inquiry into the incident are that the fault is, in my opinion, completely with the individual concerned. He had authority to take documents out of the office and he blew it. No doubt the cabinet office will spend slightly more time and money on a lengthy inquiry which I predict will conclude that "processes failed and additional measures will be taken in the future to prevent a repeat occurance."
There's no reason why anybody really needs to be sitting on public transport reading confidential documents either in paper form or on a computer screen. In fact one of my very first article submissions to Computer Weekly back in 2002 was on this very subject (read "What the hacker saw" here). I still enjoy sneaking a glance at what others are looking at on their computer screens on the train. If it's private then look at it in a private place!
