Data Protection Good Practice

Staff

Analysis of security incidents shows that a high proportion are staff-related, so this is an important area to consider. The Data Protection Act also requires you to take reasonable steps to ensure the reliability of employees who have access to personal information.

  • Do you take reasonable steps at the recruitment stage to check the identity and reliability of your staff? For example, by getting references and checking that these and the person’s qualifications are valid.

  • Do you lay down in your employment contract or in a confidentiality agreement what staff can and cannot do with the personal information they handle?

  • Do you train your staff in their responsibilities about the personal information you process? For example, do you make it clear if information is confidential and the restrictions on how this should be used?

  • Are staff aware of the danger of someone trying to trick them into disclosing information or changing an address when they should not, because the enquirer is not who they say they are? Do they know the proper procedures to use to identify callers? Do you warn your staff about possible ‘phishing’ attacks (a similar type of attack carried out via email) so that they are not taken in by these deceptions?

  • Do they know they can commit a criminal offence if they deliberately give out personal information without your consent? The guidance we produce on training staff and our video/DVD ‘The lights are on’ may help you with this. Do they know that they can commit a criminal offence if they try to access or obtain personal information without your authority?

  • Are staff told what personal use they can make of the computers or phones? While you may not mind them making some personal use of your computers, you may want to consider if there are restrictions you want to put on their use to avoid, for example, virus infection, spam, or visiting sites where illegal material such as pornography may be seen.

Crown Copyright © 2014
