|
Is sensitive data involved? "Sensitive" data includes:
Personal data of clients, employees or patients, such as social security numbers, contact information,
credit history, credit card information, tax information, medical history, or any data that could facilitate
a data privacy breach on behalf of a company,hospital, government agency or association.
Sensitive company data such as financial, product, corporate, operational, marketing, sales, human
resources, strategies, plans and information that could threaten your market standing if competitors were to
gain access.
Classified government data generated by government agencies that could threaten everything from the
economy to homeland security to the private information of government personnel.
Data subject to regulatory compliance under Sarbanes-Oxley, HIPAA, The Data Protection Act or PCI
where the loss of even a single PC requires regulatory notification, extensive reporting and administration,
and incurs significant fines and negative publicity.
If teleworkers will be handling sensitive data, the organization should evaluate whether or not the
appropriate controls are in place to protect this data. Controls can range from training teleworkers
on the proper handling of sensitive data, such as the safe storage of sensitive papers or moving files
via laptops, flash drives or disks, to putting the infrastructure in place, such as a Virtual Private
Network and encryption, to control access to data.
Some organizations may choose to forego controls and require teleworkers to only handle non-sensitive
data while working remotely.
|
