File Management and Protection/Data Protection/Information security

Information Security
Personal privacy

If personal information such as health or finance status, personal or family issues and background details became available to unauthorised agents, this could lead to the standing of individuals being seriously compromised. In some cases it may have little more effect than a feeling of invasion of personal privacy, while in other cases it may lead to serious embarrassment, loss of status or job and even blackmail.

Company confidentiality

Business functions by trying to achieve a competitive edge. This is achieved by making better products and having better marketing strategies. If competitors found out the formulation of products or details of manufacturing or the marketing plans for new products, a company would lose its competitive edge. There is a whole dark area to business known as industrial espionage in which a variety of means are used to discover trade secrets and business dealings. Obviously, there is an absolute imperative to maintaining the confidentiality of all company information.

Protecting company information

There are a number of procedures companies can take to protect their information and these would usually be detailed in a company policy document which would be explained to staff on appointment. Often a personal copy of this document is given to each employee for their records.

Staff employment practices

Basic to good company security is loyal and trustworthy staff. If staff members are likely to have access to sensitive information, they should be thoroughly screened before they are employed. The more sensitive the information they have access to, the more vital is this process. Promotion to more sensitive positions can be based on a good history or loyalty and trust. Part of the staff induction process and on-going staff training should inculcate in staff the importance of security and an awareness of the consequences of its violation.

Security procedures

Information should be classified on the basis of its sensitivity. Access rights to this information should be limited to those who need to know. To access certain information, an employee might need a special security clearance. All access to sensitive information should be recorded. The question of access rights is discussed further in the next section. Sensitive information that is stored in the form of paper files should be kept in a secure vault. Procedures should be in place to enable staff to report breaches or suspected breaches of security. They should be able to report these without fear of reprisal. In large organisations security departments can be established specifically for the purpose of providing such channels and monitoring security on an on-going basis. This is often done in conjunction with forensic auditing. This is a special form of auditing to detect mismanagement and corruption.