UnPlugged Tuesday, 10 May 2011

Out of sight, out of mind - do you know who can see your files?

Save to account  Send as an E-mail Open as PDF  Print Friendly Version 
Article Index
Overview


Organisations often build fortresses around their documents and files to prevent prying eyes, outside of the HR department, ever getting their hands on sensitive data like pay, personal information and confidential appraisals.

 

However, when HR teams need to share the same data with staff outside the department, external agencies or even access it themselves from home or outside their office, they may e-mail it to their Google or hotmail accounts. They might use free public cloud-based file sharing services, often in the US, which are not compliant with the Data Protection Act or copy it onto USB sticks and hope they don’t lose it in transit.

 

So why do professionals exercise the tightest of security whilst ‘in the office’ but risk it all going horribly wrong the instant they need to share externally or work on something from home? Changes in working life: more mobility, increasing number of work locations, the need to work collaboratively with external people, contractors and agencies, are scenarios that were just not catered for in a traditional, paper file-based style of working. Working life has changed, and the internet has changed the rules.

 

Because HR departments have highly sensitive and confidential files, just like their colleagues in Finance, they have to be extremely careful how and what they use to share their files externally. So what can HR do to facilitate easy yet secure file sharing? Here are 5 basic pointers:

  1. Look at using external file sharing services that are compliant with the Data Protection Act – after all, files include a lot of personal and sensitive data

  2. Security, security, security. Ensure that any service you use has taken security to the highest possible levels including ISO27001 compliance, have file and folder level permissions, use encryption and username/password protection

  3. Avoid using transfer tools like USB sticks – these are easily lost, can get damaged and have very little protection

  4. Don’t just use any old free on-line cloud file sharing service, just because it’s giving free storage – think, why is it free? What about their security? What country are the files actually going to? Where is the data being stored? What if something went wrong, what would your legal position be if the files where not in the UK?

  5. Use systems that track the access and any modifications and that have some kind of in-built audit and track version changes

 

A final note – after protecting your files so well from inside staff, it only takes a lapse when sharing externally for it to all go horribly wrong. Work sensibly and use secure, compliant file sharing and document tracking systems that store files in the UK – they are there to protect you, help you work more easily whilst on the move, give anytime and anywhere access and finally, help you sleep easily at night.

 

Add comment


Security code
Refresh





Forgotten your password?

 
I'd like to subscribe
Subscribers only - te law will answer your employment law queries. Find out more about our email support
Free Download the latest HRBullets newsletter

Popular UnPlugged Articles

Now there's more ways to stay in touch

Join Us on Linked in Become our Fan on Facebook Follow us on Twitter