These rules describe how and where data should be safely stored. Questions about storing data safely can be directed to the IT service provider or board of directors. When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it. These guidelines also apply to data that is usually stored electronically but has been printed out for some reason:
• When not required, the paper or files should be kept in a locked drawer or filing cabinet.
• Employees should make sure paper and printouts are not left where unauthorised people could see them, like on a printer.
• Data printouts should be shredded and disposed of securely when no longer required.
When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts:
• Data should be protected by strong passwords that are changed regularly and never shared between employees.
• If data is stored on removable media (like a CD, DVD or flash drive), these should be kept locked away securely when not being used.
• Data should only be stored on designated drives and servers, and should only be uploaded to an approved cloud computing
• Servers containing personal data should be sited in a secure location, away from general office space.
• Data should be backed up frequently. Those backups should be tested regularly, in line with the company's standard backup procedures.
• Data should never be saved directly to laptops or other mobile devices like tablets or smartphones.
• All servers and computers containing data should be protected by approved security software and a firewall.