Where data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it.
These guidelines also apply to data that is usually stored electronically but has been printed out for some reasons:
When not requested, the paper or files should be kept in a locked drawer or filing cabinet.
Employees should make sure paper and printouts are not left where unauthorised people could see them, like on a printer.
Data printouts should be shredded and disposed of securely when no longer required.
When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts:
Data should be protected by strong password that are changed regularly and never shared between employees.
If data is stored on removable media (like CD/DVD, flash cards/USB card and etc.), these should be kept locked away securely when not being used.
Data should only be stored on designated drivers and servers, and should only be uploaded to an approved cloud computing services.
Servers containing personal data should be sited in a secure location, away from general office place.
Data should be backed up frequently. Those backups should be tested regularly, in line with the company’s standard backup procedures.
Data should never be saved directly to laptops or other mobile devices like tablets or smart phones.
All servers and computers containing data should be protected by approved security software and a firewall.