- Personal data of employees, volunteers, clients etc should be held in accordance with relevant data protection legislation that is relevant to the organisation’s jurisdiction.
- All data should be stored securely and adequately backed up.
- Audit logs should be maintained so as to know who accessed data and when it occurred. These audit logs needs to be maintained and backed up appropriately also.
- Spot checks should be undertaken to confirm that access to the records were for legitimate reasons.
- Determine who should have access to the data and ensure they are the only ones who have access.
Sunday, July 11, 2010
Protecting sensitive information
All organisations will, over time, hold information that is considered sensitive (eg. Information about clients or students, information about donors, grant information). This information needs to be protected. Examples of ways to protect sensitive information include: