Applying Organizational Safeguards
Here, you learn some simple organizational safeguards that employees can use
to protect personal information.
As well as physical measures, there are some easy-to-apply, common-sense
organizational safeguards that every employee who handles personal information
can use. Those organizational measures include the following.
- Adhere to your institution's policies, including those on access and
privacy and on acceptable IT usage.
- Where possible, adopt a clean desk policy.
- Lock all personal information away at the end of every working day.
- Limit access to all personal information on a need-to-know basis.
- Never leave personal information unattended in plain view where others might
be able to access it.
- Change passwords frequently. Remind employees never to share passwords and to
choose passwords that aren't easily guessed.
- If customers, employees or third parties such as relatives or credit issuers
request personal information over the telephone, take steps to verify the
identity of the caller and their right to access the information before
providing it. Do not leave personal messages on voice mail or answering
machines.
- Dispose of personal information only according to specified retention
schedules and in a secure manner (never in a blue recycling box or a dumpster).
If in doubt about any of these or other measures, talk to your supervisor or
Privacy Analyst.