Best Practices

Identify & Remedy Dangerous Working Practices

Improve User Handling of Organizational Records

TARGETED BEHAVIOUR
Working copies of Records are being abandoned in unsecured locations.

DIRECTIVE
Files temporarily retrieved from records management systems for editing or reference must be returned correctly to the records management system after edits have been made, and all reference copies must be deleted as soon as work is complete.

Records may not be indefinitely stored in Home Drives, SharePoint Sites, Office365 file shares, or on NAS storage. Records may only be stored in designated records management systems.

POLICY REQUIREMENTS
Scan once per week for files containing ‘customer numbers’, ‘employee numbers’, ‘supplier numbers’, social security numbers, credit card numbers, and/or other specific PII/PCI data, that have not been accessed/modified within the past seven days.
Notify Data Stewards/Records Managers when suspected records have been identified.
Require that Data Stewards/Records Managers review file lists and perform appropriate actions.
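
A minimal sketch of the weekly scan described above, added here as an illustration and not taken from any vendor product. It assumes US-format social security numbers (NNN-NN-NNNN) and Luhn-valid card numbers; the function names are hypothetical, and customer/employee/supplier number formats are organization-specific and left out.

```python
import os
import re
import time

SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")       # assumed US SSN layout
CARD = re.compile(r"\b(?:\d[ -]?){13,19}\b")     # 13-19 digits, optional separators
STALE_SECONDS = 7 * 24 * 3600                    # "past seven days" from the policy

def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text):
    """Return the set of sensitive pattern types found in text."""
    hits = set()
    if SSN.search(text):
        hits.add("ssn")
    for m in CARD.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.add("card")
    return hits

def scan(root, now=None, max_bytes=1_000_000):
    """List (path, pattern types) for files untouched for seven days or more."""
    now = time.time() if now is None else now
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
                # Neither accessed nor modified recently; atime is unreliable
                # on volumes mounted noatime, so mtime is the floor.
                if now - max(st.st_atime, st.st_mtime) < STALE_SECONDS:
                    continue
                with open(path, "r", errors="ignore") as fh:
                    hits = classify(fh.read(max_bytes))
            except OSError:
                continue  # unreadable file: skip rather than abort the run
            if hits:
                findings.append((path, sorted(hits)))
    return sorted(findings)
```

The returned list is what would be handed to Data Stewards/Records Managers for review; it records only the path and pattern type, never the matched value.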

 

Avoid Unnecessary Retention of Sensitive Job Applicant Data

TARGETED BEHAVIOUR
Personal letters and CVs collected during recruitment processes are being retained within Managers’ Home Drives. The sensitive personal data within these files is not appropriately secured.

DIRECTIVE
Personal letters and CVs collected during recruitment processes must be destroyed immediately after the position is filled. If the manager wishes to retain these documents for future reference, a dedicated location can be provided.

POLICY REQUIREMENTS
Home Drives (including O365 file storage) are scanned on a monthly basis.
Files containing relevant strings/patterns (social security number, “CV”, etc.) are identified.
The owners of identified files are notified, asked to remove the offending files and reminded of the organizational directive.

 

Remove Practices of Storing Password Details in Files

TARGETED BEHAVIOUR
Users are storing personal passwords as well as application and service account login information in file shares.

DIRECTIVE
Users must store all login credentials (including user names and passwords for personal accounts) in a dedicated system (KeePass). No ID or password information may be stored in files, encrypted or otherwise.

POLICY REQUIREMENTS
File shares and O365 file storage are scanned once per month.
Files containing text strings associated with passwords and user IDs are identified.
The owners of identified files are notified, asked to check the file contents and reminded of the organizational directive.

 

Ensure Destruction of Sensitive Annual Review Data

TARGETED BEHAVIOUR
Sensitive personal data, including salary information, is distributed to managers on an annual basis to support annual review processes. These files are not being appropriately deleted after the conclusion of review processes.

DIRECTIVE
Employee information that is provided in support of annual review processes must be deleted following completion of these processes. Historical information can be provided upon request and should therefore not be retained independently by managers.

POLICY REQUIREMENTS
Home Drives (including O365 file storage) and Common Shares are scanned on a monthly basis.
Files containing relevant strings/patterns (“Annual Review”, “Salary” and employee numbers) are identified.
The owners of identified files are notified, asked to remove the offending files and reminded of the organizational directive.

©2018 northern parklife
