CDP: What Is A Clean Desk Policy?

Both client data and internal company data are considered confidential and need to have specific safeguards in place so ensure that this data does not fall into the wrong hands while employees have easy access to it when needed. Digitally, group policies and folder permission settings can help restrict unauthorized access to this information. But what about all that paper?

The information that could be sitting on an employee's desk could undo all of your IT Department's efforts to restrict access to critical data. Many companies adopt a "clean desk" policy to secure sensitive documents and also to keep work spaces uncluttered.

The organization must take some steps to ensure a strong policy including:

• Providing locked storage for papers, laptops, and portable storage devices (ie: thumb drives)
• Supply locked document shredding bins or shredders for employees to safely dispose of sensitive records
• Ensure that computer users are not creating stick-up notes with passwords or other sensitive data exposed on their desk
• Do not use client data for development, generic testing, or training presentations or any purpose other than providing services or client-specific testing
• Always use secure transmission methods such as secure mail, secure file transfer, or encrypted electronic media
• Don't keep confidential data on-hand longer than it is needed.
• Provide training to your employees and reinforce the importance of the policy to all employees.

Be sure to enforce that any extended period away from their desk should be treated with the same weight as if the employee were out of the office entirely.