Edward Snowden‘s revelations about U.S. surveillance and new Canadian anti-spam legislation are good reasons to evaluate your data privacy policies. Here are some important elements to ensure the security of your contact list.
Who do you think controls access to your data? In your organization, you all have one or more network administrators that provide you with your individual access codes to your computers, servers, files, tools, etc. What about your contact list? The one you send to your external suppliers?
Here are 5 important rules to ensure the confidentiality of your data.
Designate the Person in Charge
For obvious security reasons, external suppliers should never create or edit your employees platform access over the phone or by email. Identify a person (usually IT) in your office to be responsible for managing everyone’s access. This person will be responsible for defining roles and responsibilities and for providing login codes.
One Login = One User
It happened to me, several years ago, during a training session, to see my clients completely panicked. The reason: an employee who had left the company continued to access the platform. After validation, this was not the case; a new person was using his login. In such a situation where the logins are shared, it is impossible to know who actually did an action. For security reasons, you may want to preserve a reliable history. So, when someone leaves, disable his access and create new ones for substitutes. Remember, your list is priceless – think of all the time it took to build it!
Password Rules
Make sure to use secure passwords rules. The most secure level will require a password containing at least 7 characters with a letter, a number, a capital letter and a special character. Make sure that people cannot enter 1234. Also, provide a temporary password which must be changed at the first connection. This way, only the users will know their codes.
Secure Files
Never send a list without adding a password in order for the recipient to open the file. And look out! Do not send the password in the same email. Who has not made the mistake of sending an email to the wrong person? ?? If you have not already done so, you’re lucky. Anyway, make sure to always secure data exchanges.
Hosting in Canada or in the United States
The american law (Patriot Act), provides data access to the U.S. government and gives it control over the data that is hosted in its territory. The Snowden case demonstrate that american listening goes beyond this Law. Following this event, we see that many public businesses, especially in the banking sectors and governments, apply restrictions and promote data hosting in Canada. In their privacy policies, they require entities wishing to host data outside Canada to advise their client when taking coordinates. Thus, using a Canadian provider that is hosting data in Canada facilitates compliance with the Privacy Act. Whatever your choice is, make sure you secure your data access and that you comply with the policies in your organization.
In addition to these tips to limit access to your contacts, we strongly suggest that you define roles and responsibilities that define which contacts a user can access and the tasks they are allowed to do.
Need help to create roles or want to know more about user management? Contact our team.