Background
Also known as a “Clean Desk Policy”, the purpose of this Appendix is to establish a culture of privacy, security, organization and trust for all documents and electronic media that will protect all staff, student, parent, and guardian information. An organized workspace produces a positive image for Division facilities, reduces and eliminates the threat of a security incident such as the loss or theft of confidential, proprietary or sensitive information, and encourages the efficient organization of individual working environments. Anyone working with personal information is subject to this procedure.
Procedures
- Destroy information that is no longer needed. Ensure all documents and electronic media of sensitive information are disposed of in a secure way, in accordance with Administrative Procedure 185 - Records Management. Do not dispose of any documentation containing personal information in recycle bins. Delete computer files, and empty the deleted items folder and recycle bin on your computer.
- Secure all information in your workspace. Protect hardcopy materials, electronic media (e.g., memory sticks, external hard drives), laptops, chromebooks, smartphones and tablet devices when not in use. Use a screensaver that is password protected when the computer is idle for an extended period of time. Consider scanning paper items and filing them electronically on a secure network drive. Do not keep confidential documents on your desktop.
At known extended periods away from your desk, such as a lunch break, sensitive working papers are expected to be placed in locked drawers and your computer/tablet screens locked when not in use. This includes documents and notes, as well as post-its, and electronic media. If your system is left unattended, make sure to lock it so a password is required to log in. At the end of the working day it’s expected that employees tidy their workstations and secure all office documents and electronic media in a safe environment. - Protect sensitive material like any other valuable by locking/securing it. Make sure that your monitor is not easily visible to others and if necessary, reposition it or use a privacy filter device. After meetings, remember to erase white boards if they contain any type of sensitive data. Treat mass storage devices such as portable drives or USB drives as sensitive and secure them in a locked drawer. Whenever possible use Division network storage.