Most large companies and many smaller companies offer flexible and/or off-site work arrangements for at least some of their employees. While working remotely has quite a few advantages for both the company and the employee, there are many complications as well. One significant obstacle for your company to tackle is document security. If you have any remote employees, it’s important to have a clear plan in place for handling sensitive data.
A clearly defined Records and Information Management Policy will ensure your employees know what is expected of them. In addition to safeguarding your company’s own private information, it gives your clients or patients peace of mind that their sensitive data is being protected.
Some basic privacy protocols should include:
- Setting clearly defined rules about devices. These rules should outline what devices can be used, where they can be used, and what company information can be accessed on personal devices
- Requiring a VPN to encrypt data flowing to employees’ private devices. Or another option is changing the home router password
- Requiring employees to work in a private, secure location. This should be a space where unauthorized people cannot access sensitive papers or overhear private conversations
Records Management Policies
Controlling paper is a critically important part of protecting your company’s and your customers’ data. Your records management policies should include:
- Keeping paper documents in a secure location. Locked file cabinets or boxes should be required rather than permitting papers to be left out on desks or in unsecured drawers.
- Keeping all papers generated as a part of work separate from household papers, to be safely shredded later. This includes notes from meetings or even scraps of paper that have any company information written on them.
- Maintaining a “scan and shred” policy. For some documents, it may be safer to scan the documents and then shred the originals. This protects the data from being thrown away, lost, or accidentally seen by unauthorized personnel. This may also be a good policy if several people working remotely need access to the same information, rather than making paper copies for each person.
- Maintaining document retention policies. Documents that are required by law to be retained for a specific period should be stored separately and clearly marked as to their content, the law or guidelines in question, and the date when they can be destroyed.
- Specifying how documents are to be shredded. Home shredders simply do not shred well enough to safeguard your company’s or your customers’ data. Work-related paper and other products should be professionally destroyed. Define for your employees whether they are to bring their paper to the office to be shredded with other office paper, deliver it directly to the shredding company, or receive residential shredding services.
We recommend that you provide your remote employees with a secure receptacle into which they can deposit their papers that need shredding. At TITAN, we provide complimentary locked bins for documents that will be shredded. Call us to develop a plan for your employees so you can provide security and privacy for your company and your clients as well as clarity and confidence for your employees.