Confidential data needs better protection

Post date: 
Tuesday, August 30, 2005 - 01:00

Confidential data needs better protection

Aug 30, 2005: There needs to be more attention paid to the security of paper documents in offices, such as confidential information and intellectual property, according to security experts who warn that organisations face high legal costs if they do not protect their most valuable assets.

A recent example, which highlights the potential costs that can be faced for a mistake in a company, involves a home lending company that had to dismiss two staff members because they were going to sell confidential information from a database of over 180,000 people at $50 a head or $9 million for the lot.

However, they had taken adequate precautions to prevent this security breach, so they escaped the penalties. But if there had been a breach, the company would have ha to pay heavy legal consequences.

Bob Trowbridge, the sales director from CSM Office Solutions, which provides storage solutions to meet security needs, talked about how important it is to protect the physical security of paper based documents. He said that he has seen all kinds of careless practices in organisations that he has visited.

"To protect themselves, businesses should develop and maintain best practise policies to comply with requirements of the Privacy Act. This policy should incorporate steps to prevent access by unauthorised persons to hard or soft copies of vulnerable information.

"Businesses should evaluate their hardware housing as to whether it provides adequate protection of the documents. That way, in event of a breach, the business can show that they took all reasonable steps to prevent the breach."

In addition, Trowbridge said that he has seen records stored in boxes on the floor, and some people even have open files on their desks when they leave for work at night.

He added that while this does not appear important on the face of it, if the information was improperly used, the business would be investigated for a breach of the Privacy Act and will have to prove that they took reasonable steps to protect this information.

Peter Letton, the director of CSM, said that organisations need to have adequate security policies in place and need to use more secure filing cabinets.

"You need clear policies in place about how to control this confidential documents. This also needs to involve a proper tracking system, so that people know exactly where the documents are at all times, as they move around the office.

"Organisations also need to use secure filing cabinets, such as the ones provided by ASIO (the Australian Security Intelligence Organisation), which offer cabinets made out of steel that cannot have keys cut for them or combinations broken into. They offer different classes of cabinets, dependent on the importance of documents."

Letton added that any document security policies should reflect the sensitive nature of each document.

Related Article:

Confidential information at risk in run up to end of financial year

Business Solution: 
Enterprise Applications
Network Storage