Practically every organisation today holds confidential data on its customers. The Data Protection Act obliges firms to make sure such information is stored safely, kept confidential and not put to any unauthorised use.
If confidential data does get lost or disclosed, the consequences can be embarrassment or reputational damage at best, serious legal liability at worst. That’s why it’s vital to make sure your confidential data is always safe – not just while you’re using it, but afterwards too.
To safeguard confidential data throughout your business, it’s important that everyone knows and understands best practice for confidential data. In this article, we’ve put together a few ideas to help you get started. They’re all simple rules that are easy to remember and put into practice in everyday work.
Make data security someone’s job
Data security won’t just happen by itself. Someone needs to take responsibility for it, and they need the authority to set up rules and processes for other people to follow. Part of their responsibility will be to develop a security policy and make sure everyone understands it.
Know the regulations
Everyone should understand the importance of protecting personal data. They should know your security policy and understand how they can put it into practice in their work.
Stay up to speed on data protection legislation and share any relevant changes with your staff. People should appreciate that confidentiality is an important legal requirement, not just a fussy management rule.
Limit access to confidential data
Not everyone needs access to every confidential document. Think about who really needs access to what, and use permissions to prevent unauthorised access. For paper records, consider who needs physical access to archives or secure storage.
Store paper documents securely
There are many reasons why people prefer to work off paper. They might want a hard copy they can take to a meeting or read at home, or a physical record they can ‘hang on to’. Or the ‘paper record’ might be nothing more than a phone number scribbled down on a scrap of paper.
The problem is that once confidential data is on paper, that piece of paper can go anywhere, with anyone, at any time. That can circumvent the security you’ve carefully set up on your digital network, and it can violate data protection law too.
While documents are still in use, it’s essential that they’re securely stored. That means filing cabinets or desk drawers with locks – or, for more important documents, safes.
You may need to consider how to handle the issue of remote working, including limiting people’s ability to print when away from the office, or discouraging them from taking printouts of confidential data home.
Clear desk policy
On a similar theme to secure storage is a clean desk policy. This stipulates that people cannot leave any sort of document out on their desk overnight.
That includes data printouts, but it also extends to handwritten notebook pages and Post-It notes, which can easily contain confidential data too.
Dispose of documents when you’ve finished with them
People need to understand that as soon as a document is finished with, it needs to be properly disposed of – ideally by being securely shredded.
Staff can use their own in-office shredders, but to save time and deal with larger volumes of paper, it makes sense to partner with a commercial shredding provider. These firms can collect confidential waste in bulk, shred it securely and provide documentation confirming what they’ve done.
Even paper that’s going to be destroyed must be kept safe. Paper awaiting shredding, or collection by a shredding provider, should be stored in a lockable container.
To learn more about secure document disposal services, visit our shredding services section or call one of our specialists