Two weeks ago the ICO announced that it had fined a senior barrister £1000 for failing to keep clients’ sensitive personal information secure. The ICO explained that the barrister had kept sensitive information on 250 clients on a home computer without using any encryption. Then, during an update of software on the computer, files were automatically backed up on-line, where they were temporarily visible to search engines. There are clear lessons here for other small businesses, but it would appear that large organisations also have issues. A few days later the ICO announced that it had fined Norfolk County Council £60 000 for leaving social work case files in a cabinet that they disposed of – the files were discovered by a member of the public who bought the cabinet in a second-hand shop! Once again, this example highlights that information security is not just about electronic data.