whether customer and employee data is legally protected in your country
or industry, we all have an ethical obligation to protect others'
personal information as
well as our own organizations' proprietary information. Doing otherwise
is an open invitation for that information to be used in malicious ways
ranging from identity theft to corporate espionage. At the very least,
it's simply common courtesy to protect others' privacy!
data-protection systems, here are three sources of electronic data
breaches that I see all the time:
- The most common breach has perhaps always been -
and will perhaps always be – computer monitors left on and exposed so
that passers-by can read the screen. (Plus, if that machine is 'live'
and unattended, what's to stop someone from using it to forage for still
more information?). Have a reasonable and enforceable policy to prevent
each of these things from happening.
- Redeploying computers. Most companies seem to
be getting better about removing hard drives from old computers they are
trashing or selling off. (And if you aren't doing that, you need to!
Those drives can easily be accessed by the new owners to retrieve
whatever is on there. Remember, that is true even if you've used many of
the programs designed to mask that data.) What about redeploying
computers to new parts of your business, though? Are you sure that the
new user needs access to the information gathered by the former user? If
not, get that data off the machine before it goes where it ought not be
- People change their electronic technology more
often than their underwear these days and all those machines and gadgets
are a huge source of potential data breaches. While cell phones are
especially likely to have your and others' private information on them, remember that there are
memory chips or drives in pretty much everything these days and some are
surprisingly large. Things like copy machines and fax machines are
prone to have a ton of data on them that needs to be protected. Be sure
that their memories are wiped clean before you get rid of them.
Like with so many things ethical, electronic data
security is often seen as someone else's job. Also like so many things
ethical, however, we have not fulfilled our ethical obligation if we
don't do everything in our power to assure that the proper thing is
being done. If you see any of these potential data breaches occurring in
your organization, make it a point to bring the problem to whomever has the
authority to correct the problem.