Implementing a ‘clean desk’ policy

Printed data is important too, and a ‘clean desk’ policy, backed up by a regular shredding service, is an excellent way to make sure it doesn’t go astray.

When you consider information security and safeguarding personal information, it’s only natural to think about digital technology. After all, that’s where most high-profile data breaches take place, and where most firms are concentrating their efforts to improve security.

However, data is data, no matter where it’s stored. And that certainly includes paper records.

Most paper records have a ‘home’ where they’re kept reasonably secure. But since paper must be physically removed in order to be updated or referred to, it can also end up on people’s desks. And it’s a potential security risk for as long as it’s there.

A ‘clean desk’ policy is an important way to make sure that sensitive and/or confidential materials are always put away and secured when people are away from their desks, plus other security practices such as preventing access to computers. It’s also a practical way for people to learn about the importance of information security and protecting confidential data.

A typical ‘clean desk’ policy might include the following rules:

  • If you’re going to be away from your workstation for any length of time, make sure that all sensitive or confidential information is secured. This includes overnight, at lunch or coffee breaks and when going into meetings.
  • If you have any paper documents containing confidential or sensitive information on your desk at the end of the day, make sure you lock them away (for example, in a desk drawer).
  • Make sure your computer is locked and password-protected whenever you’re away from your desk.
  • Before you go home at the end of the day, shut down your computer completely.
  • When you’re not using your laptop or tablet, secure it with a locking cable or lock it away in a drawer.
  • Lock away storage devices such as CD-ROMs, DVDs and USB drives when you’re not using them.
  • Keep filing cabinets that store confidential or sensitive information closed and locked when they’re not being used.
  • Don’t write down passwords in a place that other people can access. Don’t leave them written on sticky notes posted anywhere near your computer – even if they can’t be seen.
  • If you print out confidential information, go and collect it from the printer straight away.
  • If you write confidential information on a whiteboard, erase it at the end of your meeting.
  • When you’re finished with confidential documents, place them in a locked bin ready for shredding.

This last point is particularly important. It’s no good having a ‘clean desk’ policy if people remove confidential documents from their desks, only to leave them lying in an unsecured recycling box. Instead, sensitive documents should be kept in a locked bin until they can be securely shredded, either on-site or at a secure location.

Our shredding services are the perfect complement to your ‘clean desk’ policy. We can provide our own lockable bins for you to use, and collect your documents to be shredded either regularly or ad hoc as required. Once your paper documents are shredded, we’ll give you a certificate of destruction that confirms your data has definitely been destroyed.