17.3.2 Data protection
Private and sensitive information is likely to be stored on our computers. We must take effective steps to ensure the privacy and security of this information.
- All computers should have all accounts secured with passwords
- All work-related files should be backed up (preferably on to CD-ROM) once a month. A copy of the CD-ROM should be securely stored at the office for 6 months
- Computers should have their guest account disabled
- Computers should have a restricted account so that other members of staff can use them for tasks such as web browsing. This account should be secured with a company-wide password that should be changed every 6 months or as required
- No-one other than the authorised user of the computer (or someone else authorised by management) should have access to the account on the computer where work-related documents are kept
- Passwords should be kept private unless otherwise instructed by a manager
- Shared folders should be used on shared computers to avoid two people having to have access to the same account. Sensitive information should not be stored in shared folders
- Private or sensitive information should not be stored on USB memory sticks or similar devices unless it is securely encrypted
This document was updated in March 2007