Guidelines for Dealing with Confidential Information
1. Safeguard your username, password and any other access credentials you have for systems and applications that deal with confidential information.
2. Protect mobile devices such as smartphones, tablets and USB drives that contain confidential information.
3. Never leave your computer unattended when confidential information is on the screen.
4. Before transmitting confidential information to others, be sure that:
- The transmission complies with the law and privacy and security policies;
- The recipient has a legitimate business purpose for the information;
- You're sending no more information than is needed by the recipient;
- You're sending the information in a protected manner (e.g., encrypted) when called for by the company policies or the law.
5. Retain or destroy confidential information contained in your records in accordance with your record-management policy.
6. Report any security incidents or privacy breaches that you observe or become aware of as soon as possible.
Which one of the following shows respect for confidentiality of information?
- Discussing confidential information over the telephone.
- Disclosing confidential information only to authorised individuals.
- Uploading confidential information to a shared web site.
- Emailing confidential information to a colleague.
How should confidential information be sent using an unsecured network?
- In an encrypted format.
- In a compressed format.
- In an attachment.
Mark the following statements as true or false.
- Because you work in a secure building, you can discuss confidential information in an open work area.
- The Information Security Policy and related policies only apply to electronic and hardcopy records and does not apply to verbal discussions.
- You should always lock your computer when you are away from your desk.