About this lesson
How does privacy affect company policies on business communication? What steps can be taken to keep digital and paper documents secure?
Quick reference
Privacy & Legal Considerations
How should privacy concerns affect company policies on business communication?
When to use
Use this section to understand some of the threats posed by written communication, and how businesses can protect themselves from these threats.
Main Points
Governments regulate privacy and information sharing in many regions.
Weak information security systems can damage a business's reputation and make people unwilling to do business with you.
Risks and threats include:
- phishing attacks
- remote work
- accidental divulging of confidential information
- dormant accounts
Employee sensitivity training and strong security systems can help mitigate the risk of company information falling into the wrong hands.
- 00:05 Privacy is a huge concern today.
- 00:08 People are concerned about how their information is used, stored and
- 00:11 who has access to their personal data.
- 00:15 How you respond to these concerns will first be dictated by
- 00:18 the laws of your country or region, but also by how your organization chooses
- 00:22 to handle written internal and external communications.
- 00:27 Where are your electronic data servers located?
- 00:30 What are the policies of your service providers?
- 00:33 What laws govern their operations?
- 00:35 How long is sensitive information such as credit card, biometric and
- 00:40 account data kept on file?
- 00:42 How many people have access to this data?
- 00:45 Do any third parties have access to people's personal information?
- 00:49 And do you have consent to share that information?
- 00:53 All these questions are important because people can choose to do business elsewhere
- 00:57 if they don't feel like their information is safe with you.
- 01:01 Privacy and security starts with educating all employees about these threats and
- 01:06 concerns.
- 01:07 Think, for instance,
- 01:09 about the innocent looking reply to all button on your email application.
- 01:13 This button is intended to send your response to all the addresses in the to
- 01:17 and CC fields of an email that you received.
- 01:21 Aside from being generally overused, this is a potential privacy risk.
- 01:26 For instance, someone might reply to a request for
- 01:29 information by attaching a document that has sensitive information,
- 01:33 but they accidentally use the reply to all button.
- 01:36 So, now the document is in the wrong hands.
- 01:39 And this is one of the reasons why employee sensitivity training is so
- 01:42 important.
- 01:44 Part of the employee training on privacy and security,
- 01:47 should be about why the policy is necessary.
- 01:50 That way employees see that extra layer of security not as a nuisance, but
- 01:55 as a means of protecting them too.
- 01:58 They're more likely to cooperate and
- 02:00 become allies instead of thinking of ways to work around the system.
- 02:06 You no doubt know that bad actors often try to get people's personal
- 02:10 information via phishing, where they pretend to be a trusted organization and
- 02:15 then initiate contact, often by email.
- 02:19 What you can do is to make it easier for
- 02:21 your customers to identify these fraudulent attempts by publicizing your
- 02:25 policy of never approaching customers, asking them for this kind of information.
- 02:31 That way your customers can easily reject any such attempt.
- 02:36 What about hardcopy documents like credit card authorization forms,
- 02:41 employee files, faxes even, who has access?
- 02:44 Where are they stored?
- 02:46 And when and how are they destroyed?
- 02:50 These policies must be documented in a straightforward way so
- 02:53 that any breach of the policy is clear and undeniable.
- 02:58 Each employee must know what's expected of them and what are the company wide and
- 03:03 personal consequences of non-adherence to a strong privacy policy.
- 03:09 The strong company policy on information security shouldn't be limited
- 03:13 to employee training, but it should also be built into the systems that you use.
- 03:17 Like having password parameters to reduce weak passwords, setting restrictions on
- 03:23 accessing company networks on non-password-protected mobile devices.
- 03:29 Accessing company networks on public Internet and providing instead
- 03:34 Virtual Private Network or VPN access to employees working remotely.
- 03:40 The organization should also have in place systems for
- 03:44 revision of access when employees' roles change so
- 03:47 that sensitive information is only available on a need to know basis.
- 03:51 And people don't try to take advantage of dormant accounts that have high
- 03:56 level access.