In recent news yet another government official was reported to have “dumped” official documents. What should employers be doing to regulate the way in which employees dispose of confidential or sensitive information?

The Data Protection Act 1998 sets out eight principles on how 'personal data' should be handled, including safeguarding against unauthorised use, accidental loss or destruction. Failure to uphold the law could result in legal action.  It is therefore essential that anybody who is to handle or be in a position where they might encounter or have access to protected data be properly trained.

In addition to the possibility of legal action when in breach of the legislation, where customers and staff are made aware of these kinds of omissions or errors there is likely to be a reduction in confidence. So it is good practice to ensure that safe practices are known and understood throughout the organisation to prevent any negative press and associated loss of goodwill.

It is the employers duty to ensure that all staff understand the methods of storage of data in the workplace and why following such procedures is so important. Specifically, the disposal of documents should not take place outside company premises, and must be returned to the workplace to be disposed of within a controlled environment. There should be special facilities for confidential waste as opposed to waste paper. Only those members  of staff with a specific role where such information is necessary should be able to access sensitive information and the employer should have a method in place to ensure that this is the case.

In this age of technology it is not just the paper documents employers should pay attention to in training of staff and highlighting of procedure. It is increasingly more likely that an employee taking work off the premises might do so by using a memory stick for example or a laptop provided by their workplace. You could argue that the possible risks of this are far greater than that of a piece of confidential paper left on a desk at work overnight. Employers should keep up to date on protective methods such as encryption and the extent to which it might be recommended.

In considering how best to uphold the principles of data protection, it is advisable that attention be paid to current practices and where there may be potential for breach of duty. Any such area of the policy should then be reworked and amended accordingly. Alongside the advent of new technologies and ways of working comes a continued duty to assess and amend data protection policies for the benefit of the company, its staff, its customers and clients.

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.

Menu