Your organization might deploy state-of-the-art IT and cyber security measures to keep personal information confidential. But all it takes is one employee to undo all of your good work by removing the data and getting it lost or stolen. That’s why it’s so crucial to implement a policy governing the removal of laptops, iPhones and other personal devices that contain personal information about your customers, clients and employees. Here’s a template policy that you can adapt.
As an employee of ABC Company, we remind you of your obligation to maintain the confidentiality of any and all personal information relating to ABC Company customers, employees or other individuals that you handle in accordance with the rules set forth in the ABC Company Information Security Policy. Removing such information from the workplace may be a violation of that obligation unless you do it in accordance with the terms set out in this Policy.
The purpose of this Policy is to set clear procedures, rules and policies governing the removal of Personal Information from the physical premises of ABC Company facilities.
- DEFINITION OF PERSONAL INFORMATION
This Policy applies to Personal Information, which includes but is not limited to financial, health-related and other private matters, of ABC Company customers, employees and other individuals whether maintained on paper, electronically or in other media, including but not limited to data kept on laptops, iPhones, tablets and other portable electronic devices, whether owned by the employee or ABC Company.
- REMOVAL OF PERSONAL INFORMATION MUST BE AUTHORIZED
Employees may not remove Personal Information from ABC Company facilities without prior permission of their supervisors. To obtain such supervision, the employee must notify their supervisors:
- Which data they wish to remove;
- The legitimate, work-related purpose for removing the data;
- Where they propose to take the data;
- How they propose to use it;
- How the data will be secured;
- When the employee will return the data; and
- Any other information requested by the supervisor regarding the request…