T 2.17 Inadequate labelling of data media

When data media are labelled improperly, it is often impossible to determine whom the data media belong to, what information is stored on them, or what they are used for even a short time later. When improperly labelled data media are exchanged, it is often impossible for the recipient to determine who sent the data media or if there are any applicable access restrictions. If someone receives several data media from the same sender, inadequate labelling could result in the recipient using the media in the wrong order.

Examples:

• The BSI often receives stamped envelopes with requests for brochures or CDs. Again and again, no return address is provided on either the letter of request or on the stamped envelope.
• The sender provides the recipient with a DVD containing information, the integrity of which is very important. The next day, the sender notices that there were errors in the data, so he sends a corrected version and informs the recipient by telephone that a new version has been sent. The second DVD then overtakes the first one in the mail and arrives first, and due to inadequate labelling the recipient assumes that the first DVD received contains the incorrect data.
• Before a software change, important application data was burnt to CD-ROMs to back up the data. Since the change was supposed to be quick, the CD-ROMs were not properly labelled and just numbered instead. Even though confidential customer data was stored on the CD-ROMs, they were left out in the open in the office after installation of the software was finished. When this was discovered several weeks later, half of the CD-ROMs were already missing.