Even though it may be your job to handle sensitive information, how you handle the data is just as important as how well it is secured.
One of the best ways to avoid any sort of legal snafu is to have a privacy policy in place. The policy needs to be all encompassing, meaning it covers EVERYTHING accessed on the company’s network (i.e. email, network drives, Twitter, Facebook, VPN connections from offsite, etc).
The policy should mandate guidelines of acceptable computer usage while using company resources (including all data).
Another step would be to conduct a Security Assessment and Security Audit.
- A Security Assessment identifies vulnerabilities within an organization’s infrastructure and will then recommend solutions to secure the system.
- A Security Audit installs an application on the network that is designed to identify, classify, secure, monitor and report on sensitive data. A manager is then notified every time the data is accessed so organization’s can track who is accessing sensitive data and when and where the access happens.
If you aren’t sure of your organization’s policy in regards to sensitive data, ask them. If they don’t have a policy in place – inquire about initiating one. This will help to safeguard yourself as well as the data you are in charge of.
More Information on NSK's Security Assessments