Aspects of security to consider
The range of security measures to consider covers physical security,
computer and network security, communications security and personnel security.
Physical security
Information may be stored in a range of paper based and electronic forms.
Physical security measures prevent unauthorised access to information
and are relevant to all forms of storage.
Tips for compliance
Physical measures could include:
* barriers such as locks;
* security keys and containers such as filing cabinets, safes and compactuses;
* security alarm systems to detect unauthorised access; and
* access control measures.
These may be complemented by procedural measures such as:
* recording file movements, especially if files are sent to different
offices;
* encouraging a clean desk policy;
* storing all files after use; and
* a security classification system to identify information needing special
protection.
Computer and network security
Information technology systems have the potential to increase the risk
of unauthorised disclosure of personal information. Organisations need
to assess their security risks and take appropriate measures to protect
the integrity of their information systems and networks. Risk assessments
could cover information systems for storing, processing and transmitting
information. The appropriate protective measures will depend on the circumstances
and risks involved.
Tips for compliance
Depending on the organisation's risk profile, measures could include:
* access control for authorised users, such as user passwords, screen saver
passwords and limiting access to shared network drives to authorised staff;
* virus checking;
* IT support to deal with security risks; and
* auditing procedures and data integrity checks.
Data security tools representing good practice include audit trails and
digital signatures. A signature authenticates the author of a record and makes
any later unauthorised modification of the signed content detectable, provided
the verifier holds an authentic copy of the signer's public key and the
private key has not been compromised.
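As an added illustration, not part of the original guidance, the Go program below builds a tamper-evident audit trail of the kind just described: every entry is chained to the previous one by a SHA-256 hash and signed with Ed25519 by the logging service, and a verifier holding only the public key can locate the first altered, removed or reordered entry. The event strings are constructed samples, and the type and function names are the example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Entry is one line of an audit trail. It carries the SHA-256 of the previous
// entry (a hash chain) and an Ed25519 signature over its own fields, so editing,
// deleting or reordering an entry breaks verification.
type Entry struct {
	Seq      int
	PrevHash string // hex SHA-256 of the previous entry's signed bytes; "" for the first
	Record   string // constructed sample payload, e.g. "user=alice action=read file=HR/123"
	Sig      []byte // Ed25519 signature over signedBytes()
}

// signedBytes is the canonical byte string that is hashed and signed.
func (e Entry) signedBytes() []byte {
	return []byte(fmt.Sprintf("%d|%s|%s", e.Seq, e.PrevHash, e.Record))
}

func (e Entry) hash() string {
	sum := sha256.Sum256(e.signedBytes())
	return hex.EncodeToString(sum[:])
}

// AuditLog appends chained, signed entries. Only the logging service holds the
// private key; anyone holding the public key can verify the trail.
type AuditLog struct {
	priv    ed25519.PrivateKey
	Entries []Entry
}

// NewAuditLog generates a fresh signing key and returns the log and its public key.
func NewAuditLog() (*AuditLog, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &AuditLog{priv: priv}, pub, nil
}

// Append links the new entry to the previous one and signs it.
func (l *AuditLog) Append(record string) {
	e := Entry{Seq: len(l.Entries), Record: record}
	if n := len(l.Entries); n > 0 {
		e.PrevHash = l.Entries[n-1].hash()
	}
	e.Sig = ed25519.Sign(l.priv, e.signedBytes())
	l.Entries = append(l.Entries, e)
}

// Verify checks the trail with the public key alone. It returns the index of
// the first bad entry and why it failed, or -1 and nil when the trail is intact.
func Verify(pub ed25519.PublicKey, entries []Entry) (int, error) {
	prev := ""
	for i, e := range entries {
		if e.Seq != i {
			return i, errors.New("sequence gap: an entry was removed or reordered")
		}
		if e.PrevHash != prev {
			return i, errors.New("hash chain broken: an earlier entry was altered")
		}
		if !ed25519.Verify(pub, e.signedBytes(), e.Sig) {
			return i, errors.New("bad signature: entry altered or not written by the logger")
		}
		prev = e.hash()
	}
	return -1, nil
}

func main() {
	trail, pub, err := NewAuditLog()
	if err != nil {
		panic(err)
	}
	// Constructed sample events, not real log data.
	trail.Append("user=alice action=read file=HR/123")
	trail.Append("user=bob action=update file=HR/123")
	trail.Append("user=alice action=export file=HR/123")
	fmt.Println(Verify(pub, trail.Entries)) // -1 <nil>

	// Someone with write access to the log store rewrites bob's action.
	tampered := append([]Entry(nil), trail.Entries...)
	tampered[1].Record = "user=bob action=read file=HR/123"
	fmt.Println(Verify(pub, tampered)) // 1 bad signature: entry altered or not written by the logger
}
```

The chain detects edits and deletions in the middle of the trail, but silently truncating the newest entries is only detectable if the verifier also knows the expected length or the latest hash, for example because the logger publishes it at intervals to a separate system. The signing key must be kept out of reach of the accounts whose actions the trail records; otherwise an attacker can simply re-sign a rewritten history.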
Communications security
As many computing systems make use of telecommunications networks, security
of computing and communications are increasingly interrelated. There are
two kinds of communication risks to consider: interception of transmissions
and unauthorised intrusion into networks.
Transmission of information may involve insecure telecommunications lines
that may be vulnerable to interception.
Tips for compliance
Where appropriate, protection of personal information could include:
* checking facsimile numbers before sending personal information, and confirming
receipt;
* PINs and passwords for some telephone transactions, for example,
telephone banking services;
* checking identity before giving out personal information over the telephone;
and
* encryption of data for high risk transmissions.
Good practice computer and network security would include both systems,
such as firewalls, routers, network intrusion detection systems, host
intrusion detection systems and appropriate encryption, and expert monitoring
of those systems.
Unauthorised intrusion into computer networks not only jeopardises the
confidentiality of information, it also threatens network integrity by
corrupting data. Connections to public networks are often useful and convenient
but they can create a route for 'hackers' to intrude into an organisation's
information system.
What are considered 'reasonable steps' will depend on the particular
circumstances of the organisation and the information it holds.
Personnel security
Personnel security refers to limiting access to personal information
to authorised staff only. Organisations could also ensure that those who
do have access respect the organisation's culture of privacy. In general,
personal information should only be accessed by those people who 'need-to-know',
that is, they need it to carry out their duties.
Tips for compliance
* Training staff and management in security awareness, practices and
procedures.
* Developing policies on who can access and use particular categories
of information.
* Specifying and reviewing access privileges for shared computer drives
containing personal information.
Destruction and de-identification
An organisation that no longer needs to hold personal information for any
purpose is required to take reasonable steps to destroy or permanently
de-identify that information. A legal requirement to retain the personal
information is considered a purpose for continuing to hold it.
What are considered 'reasonable steps' in destruction or de-identification
of the information will depend on the circumstances. For example, if a
small organisation holds non-sensitive personal information in secure
storage, at low risk to the individual, it may be sufficient to destroy
the information only as the organisation becomes aware of it in the normal
course of its activities. For other organisations with higher risks and
adequate resources it may be more appropriate to develop procedures that
include criteria for retaining, destroying or de-identifying personal
information. Periodic audits could then be conducted and old information
destroyed or de-identified according to specified procedures.
Destruction
To protect individuals' privacy rights, destruction needs to occur by
secure means. Garbage disposal of intact documents leaves personal information
extremely vulnerable to unauthorised access and misuse, and this method of
disposal should generally be avoided. Electronic records that are no longer
needed should be deleted. However, it is very difficult to reliably remove
all traces of electronically stored information: ordinary deletion usually
removes only the file reference (the directory entry) and leaves the data
itself intact on the medium until that space happens to be reused, so it can
be recovered with readily available tools.
Tips for compliance
Secure disposal of paper-based records could include:
* shredding, pulping or disintegration of paper files; or
* contracting an authorised disposal company for secure disposal.
Secure disposal of electronic records could include:
* overwriting records before they are deleted (overwriting in place is
unreliable on solid-state drives, on copy-on-write or journaling file systems
and on any medium with snapshots, where the old blocks can survive; on such
media prefer the drive's built-in sanitise or secure-erase command, or
full-disk encryption with destruction of the key); or
* for very sensitive information at high risk, degaussing might be considered
(demagnetisation of the medium in a strong alternating magnetic field); this
applies to magnetic media only and has no effect on solid-state storage.
Good practice could also include the deletion of back-up files.
De-identification
Permanently de-identifying information means removing from the record
any information by which an individual may be identified. Simply removing
the name and address may not be sufficient to de-identify the information.
Permanent de-identification also means that an organisation is not able
to match the de-identified information with other records to re-establish
the identity of individuals.
Tips for compliance
The test for whether information is identifiable is whether the identity
of the individual is apparent, or may reasonably be ascertained, from
the information. A de-identification procedure is not complete if, from the
resulting information, the identity of an individual could reasonably be
ascertained.
Reasonable steps to de-identify information may include:
* considering the capacity of the organisation to re-identify the information;
* careful consideration of the identifying nature of every aspect of the
information; and
* setting up safeguards that ensure that future collection or uses will
not re-identify the information. An organisation may need to include in
contractual arrangements with a receiving organisation that the receiving
organisation will not re-identify the information.
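The reasonable-steps list above is hard to apply without a concrete test. The Go program below, an added example rather than part of the guidance, applies one such test (k-anonymity) to a constructed table from which names and addresses have already been removed: it counts how many records share each combination of the remaining quasi-identifiers (postcode, birth year, sex), reports the combinations that occur once and are therefore re-identifiable by linkage with another dataset, then generalises the quasi-identifiers and suppresses whatever is still unique before release. The records, the field names and the generalisation rules are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Record is a row from which the direct identifiers (name, address) have
// already been removed. What remains are quasi-identifiers: harmless alone,
// but in combination they can single out one person when linked with another
// dataset. Diagnosis is the sensitive attribute being released.
type Record struct {
	Postcode  string
	BirthYear int
	Sex       string
	Diagnosis string
}

// Sample is a constructed table, not real data.
var Sample = []Record{
	{"2000", 1961, "F", "asthma"},
	{"2000", 1961, "F", "diabetes"},
	{"2001", 1959, "M", "asthma"},
	{"2001", 1959, "M", "hypertension"},
	{"2009", 1957, "M", "asthma"},
	{"2650", 1985, "F", "migraine"},
}

// Identity keeps the quasi-identifiers exactly as collected.
func Identity(r Record) Record { return r }

// Generalise coarsens them: postcode to its first two digits, birth year to a
// ten-year band. These rules are assumed for the illustration; real ones
// depend on the data and on what a recipient could plausibly link against.
func Generalise(r Record) Record {
	if len(r.Postcode) > 2 {
		r.Postcode = r.Postcode[:2] + "**"
	}
	r.BirthYear = r.BirthYear / 10 * 10
	return r
}

// classKey is the equivalence-class key: the quasi-identifiers after g.
func classKey(r Record, g func(Record) Record) string {
	q := g(r)
	return fmt.Sprintf("%s|%d|%s", q.Postcode, q.BirthYear, q.Sex)
}

// MinClassSize returns the smallest number of records sharing one combination
// of quasi-identifiers (the table's k in k-anonymity) and, sorted, the keys
// of the classes of size 1: records that are unique and so re-identifiable.
func MinClassSize(rs []Record, g func(Record) Record) (int, []string) {
	counts := map[string]int{}
	for _, r := range rs {
		counts[classKey(r, g)]++
	}
	k := len(rs)
	var unique []string
	for key, c := range counts {
		if c < k {
			k = c
		}
		if c == 1 {
			unique = append(unique, key)
		}
	}
	sort.Strings(unique)
	return k, unique
}

// SuppressBelow applies g and drops every record whose class would still
// have fewer than k members, returning the table that can be released.
func SuppressBelow(rs []Record, g func(Record) Record, k int) []Record {
	counts := map[string]int{}
	for _, r := range rs {
		counts[classKey(r, g)]++
	}
	var out []Record
	for _, r := range rs {
		if counts[classKey(r, g)] >= k {
			out = append(out, g(r))
		}
	}
	return out
}

func main() {
	k, unique := MinClassSize(Sample, Identity)
	fmt.Println("as collected: k =", k, "unique:", unique) // k = 1 unique: [2009|1957|M 2650|1985|F]
	k, unique = MinClassSize(Sample, Generalise)
	fmt.Println("generalised: k =", k, "unique:", unique) // k = 1 unique: [26**|1980|F]
	released := SuppressBelow(Sample, Generalise, 2)
	k, unique = MinClassSize(released, Identity)
	fmt.Println("released:", len(released), "records, k =", k, "unique:", unique) // 5 records, k = 2 unique: []
}
```

A class size of at least 2 in the released table means no record can be singled out from these columns alone. Two limits matter in practice: which columns count as quasi-identifiers depends on what other data the recipient, or the organisation itself, could link against (the capacity to re-identify that the text asks to consider), and a class in which every member has the same diagnosis still discloses that diagnosis even though no individual is singled out.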