Guidelines Recommended to Protect Computer Data

William Hubbartt

In nearly every workplace these days, employees view, enter, store, analyze, retrieve and print data from some sort of computerized record system. Once limited to the domain of large corporations and government, the use of computerized records now touches nearly every job in every industry. The room-sized computer mainframes of a generation ago have been replaced with networked systems, desktop terminals, laptop computers and hand-held data organizers, all of which can be interconnected.

The computer has moved out of the corporate office and onto retail sales floors, restaurant kitchens, medical offices, warehouses, production equipment controls, delivery vehicles, and into the briefcases or purses of travelling workers.

Each new computer application puts more business and personal information into the hands of greater numbers of workers. And with each new use of computerized data, the business entity holding the information has an ethical or legal obligation to establish guidelines to promote reasonable safeguards for handling electronic information.

The need for such protections has come to light, in part due to the growing frequency of unauthorized disclosures of private information such as health records and personal financial data. The recently enacted medical privacy and security regulations referred to as HIPAA demonstrate the need for health care and other organizations to protect private information.

Computer systems professionals recommend that organizations establish guidelines for workstation use to promote reasonable security and safeguards in the handling of electronic information. These guidelines can specify proper equipment operation procedures, functions to be performed, and the physical attributes of the surroundings of the workstation.

It is recommended that the organization designate a systems specialist to instruct employees on proper set-up, operation, and security safeguards relating to use of computer workstations. Typical recommended safeguards include the following:

  • Only computer terminals, laptops and peripheral equipment authorized by the computer systems specialist may be connected to the employer's information system.
  • Only software or application programs authorized by the computer systems specialist may be installed or loaded onto the employer's information system or terminals.
  • Only designated employees assigned to work functions relating to handling electronic information may operate computer terminals, software or systems handling such information.
  • Computer terminals shall be secured to workstations in a manner prescribed by the computer systems specialist to prevent equipment theft.
  • Computer terminals in areas where employees work multiple shifts may be adapted with a locking device or password control to prevent unauthorized access after regular working hours.
  • Computer terminals should be positioned to minimize unauthorized viewing by passers-by.
  • Computer terminals should maintain a screen saver feature as authorized by the systems specialist to minimize the likelihood of viewing of on-screen data by passers-by.
  • Computer terminals unavoidably positioned in an area where there are passers-by may be fitted with a viewing filter to minimize unauthorized viewing of confidential on-screen data by others.
  • Computer terminals used for entering or handling confidential electronic information should be segregated into a special area, partitioned area or office to separate this activity from other non-confidential information processing.

Employees performing authorized tasks involving use or disclosure of confidential information should comply with privacy and security practices relating to protection of data, use of password access, and compliance with procedures to limit disclosures to authorized individuals and organizations solely for business purposes.

William S. Hubbartt is a human resources and privacy consultant in St. Charles, IL. www.Hubbartt.com. He is the author of "The HIPAA Security Rule - A Guide for Employers and Health Care Providers," a 200+ page book in CD format.
