A Legal Guide to PRIVACY AND DATA SECURITY 2024

Document Retention - Storage and Maintenance of Hard Copies

Paper documents that contain sensitive personal information or confidential and proprietary business information also require attention. Hard paper copies of sensitive and confidential data should not be left out on desks, and printers should be in close proximity to the individuals printing and using this data. Paper copies of any documents should remain in locked filing cabinets or locked storage rooms. Formal document retention and destruction policies should be implemented. These policies cover which documents are stored, for how long, and how such documents will be disposed of after the retention period has expired. There may be specific laws that apply to the type of information collected and stored, such as employment records. Docketing systems and procedures should be put in place to monitor compliance with these laws. One of the largest settlements with the FTC resulted from the disposal of personal information in an unsecured dumpster. [See In Re CVS Caremark].

Technical Safeguards

When implementing a data privacy and security program, include legal, information technology, operational, human resources, and business expertise, and follow recognized standards such as those released by the National Institute of Standards and Technology (NIST) or the International Standards Organization (ISO). A thorough review and audit of the technology and systems used by the business should be conducted by a firm or person with experience in data security. A penetration test, or attempted hack, of the system can highlight potential weaknesses of the system. A business might consider hiring a firm that also has experience in penetration testing. This test simulates attacks from a malicious source and can evaluate how vulnerable the system is to hackers. Based on this test, the vendor can then recommend steps to enhance security.
