Unless you’ve been living under a rock for the past couple of years, you have come across a news story or two relating to data protection and its requirements, identity theft, hacking or security breaches. Unsurprisingly, as a result, we’re all a little bit scared of data protection standards, but not many of us fully understand the minutiae of them. However, we all manage vast amounts of data on a daily basis, and meeting data protection requirements has become equally important.
In heavy industries in particular (such as construction, energy, mining, forestry and manufacturing), contractors are regularly required to share their personal and professional details such as training records, qualifications and medical history. In many cases contractors must also take alcohol and drugs tests before going on site, and their fingerprint is scanned in order to gain access to the site. To a low-risk office worker, this may seem like overkill. But in high-risk work environments where heavy machinery is being operated and safety is key, it’s a necessary part of the job.
However, as technology continues to offer efficiencies across all departments of the workplace, ‘non-techie’ managers are frequently required to make decisions on which systems to implement. Whether it’s contractor management software or access control hardware, the manager likely has many questions regarding the storage and data protection requirements of the information being gathered. Not all companies supplying these products and services offer the same level of clarity when it comes to data management and as a result, managers are often left a little confused as to how well their data is protected. And of course, nobody wants to make a decision which could have a major impact on the reputation of the company, as well as their own, without total clarity and peace of mind.
Here are some key questions which should be asked when purchasing systems which store data and meet data protection requirements:
1. Who owns the data which is being stored?
You want to be sure that any data being entered is fully owned by you and can be wiped when your company (and your local legislation) deems necessary.
2. Where is the data being stored?
Different countries have different legislation regarding the storage of personal data and the location it is kept in. You should consult your local data authority for more information on this if you are unsure.
3. What processes are in place to ensure the security of the data?
Who has access to the data and how are those people trained? What kind of systems are in place to protect the data? What is your password security policy?
4. How do you protect from malicious attacks and have there been any in the past?
5. Have you conducted independent penetration tests?
By asking these questions of a number of vendors, managers can compare the responses to make a more informed decision. In our workplaces, data is something which should be respected and protected, but we shouldn’t avoid it. When managed correctly, data can be massively powerful in helping us make better decisions.