Reading time
8 minutes
What will you learn?
In this component, we will look at how employees can help each other jointly display the proper behaviour when it comes to privacy and security. You will learn why calling each other to account for your behaviour is important and when you can do it.
Summary
This last principle may well also be the most difficult. Helping each other display the appropriate behaviour when it comes to privacy and security naturally means that you yourself must set a good example – and not only at the office, but also when you are on the road and when using your personal equipment at home.
Our behaviour is usually not at all intended to deliberately sabotage anyone's privacy, but that can still be the end result, for example if you ask others for too much personal information or connect people on all kinds of social media, for example by adding them to WhatsApp groups, without their permission. So don't be afraid to draw each other's attention to unlocked computer screens, open cupboard doors and rooms, requests for more information than necessary, unsolicited connections and excessively loud business telephone conversations on crowded trains.
By making sure we help each other learn the appropriate behaviour, we can pave the way together for a reliable and pleasant learning, working and living environment. And that not only makes you feel good, it makes everyone else who is involved now in our education institution and who will be involved in it in future feel good, too.
These days, we can keep working, anytime and anywhere, from any device. At any given moment during the day, we are capable of sending each other files, editing documents and carrying on conversations with each other. It is remarkable how fast this development goes. Look at these kids trying to make a call with a rotary phone...
The flipside is that we have to be more and more aware of the potential risks involved in this connectivity. And the insanely fast pace of the technological developments, makes it all the more important to take on these challenges together, by carrying on talking to each other about privacy and security, daring to call each other to account and being open to suggestions for improving your own behaviour.
Can you work out what the most important items for consideration are when it comes to helping each other on the path to the right behaviour?
It seems so easy to just send your colleague an email, asking them to forward that one list or file to you. You are colleagues, after all, so why would they refuse? But that is precisely where things tend to go haywire; in a business context, you need to be extra careful with personal and other sensitive data. Fortunately, a few simple principles exist for handling this appropriately.
What do you think the three most important principles are?
If you receive a request for certain sensitive data from a colleague, it is perfectly fine to ask them why they need that data. Perhaps you will both reach the conclusion that the colleague can also move forward using less data. You should both take responsibility for data minimisation by constantly asking yourself whether it is possible to ‘make do’ with less data. Help each other, offer your input to each other and try wherever possible to reduce the amount of sensitive data transmitted both internally and externally as much as possible.
Don't pressure each other by requesting data which your colleague doesn't actually want to simply hand over. For example, if you ask a junior colleague to create a WhatsApp group and to add certain employees to it, it may be difficult for them to say ‘no’. Take hierarchical relationships into consideration and make sure that employees and students are free to either give or withhold their consent for the use of their personal data.
Don't request data from others that is already neatly saved in a system, document or list, for instance. If you do, then you will be creating a shadow file, as a result of which the data will then suddenly also be saved on your equipment, and can thus be distributed further or hacked into or infected with a virus. There is an additional risk that you will forget to delete these files when you no longer need them and that the data will no longer be updated, as a result of which the information may no longer be up to date. This could include lists of students who have already been unenrolled and still appear on a lecturer's class list or very embarrassing situations in which messages are sent to people who have since passed away.
Sometimes, you should not make things more difficult than necessary: set a good example. And this is especially important when it comes to privacy and security, since not all employees and students are already fully aware of the importance of handling this appropriately. Role models are needed in order to demonstrate the desired behaviour to employees and students and show them what the advantages are for yourself, your colleagues and the organisation as a whole of complying with the principles from this course.
What do you think the three most important locations are for setting a good example?
Whenever you walk away from your desk, always check whether you have left everything behind in a secure condition. Is your screen locked? Are there any sensitive documents lying on your desk? Are the cupboard doors closed and are there any post-its in the rubbish bin with sensitive information written on them? Make a habit of leaving behind your own workstation in a proper state, so that you set the right example for your colleagues. And if you are the last to leave the room, always lock the door behind you.
It often happens unconsciously; you take a business call on the train, lend your business telephone to your children or quickly sync your cloud services with your personal equipment. All very understandable, but not without risks when it comes to data breaches. You must therefore also be aware when you are on the road and at home of the risks and possible consequences each time you handle sensitive data. Never mention names on the telephone if ‘strangers’ can hear you, don't lend your business equipment to ANYONE and maintain a strict division between your business and personal files. No doubt we do not need to repeat again here that you must always ensure your software is up to date and must never use public WiFi...
While it is almost never with malicious intent, amid the growing numbers of folders and files on our business equipment, something occasionally goes haywire. A colleague shares the wrong folder with you and suddenly you have access to data which is not intended for you. Or you notice that you can no longer access certain data because a colleague has accidentally deleted it. For every action you take in the digital world, it is a good idea to always double check first whether what you are going to do is actually what you were intending to do. And if you see that things have gone wrong for a colleague, point it out to them in a friendly way. There's a good chance that your colleague does not realise something did not go entirely according to plan, until you point it out to them...
As unpleasant as it is, if a blunder is made with regard to privacy and security, it can have considerable consequences for everyone involved. But we prefer to look at the positive side: by being aware of the damage that can occur, you will strengthen your motivation to do the right things yourself and to help your colleagues to do the same. In this way, we work based on a positive approach on a shared goal: creating an organisation where dealing with privacy and security properly and consciously is deeply rooted in the DNA of all employees and students.
What do you think is the most important benefit for organisations where everyone complies with the rules for dealing properly with privacy and security?
By properly adhering to the principles from this course, we can ensure we are in control of all sensitive data at our education institution. We then know where which data is stored, that all data is protected, that the data is correct and that only the right people have access to certain data. This greatly reduces the risk of a data breach occurring.
Dealing appropriately with privacy and security has a positive effect both internally and externally. Internally, employees will perceive privacy and security as a permanent part of every process, which may reinforce the feeling of security and reliability. This, in turn, will increase their job satisfaction. And for students, suppliers, etc., dealing appropriately with privacy and security will lead to closer relationships and a professional image.
All information about the handling of information at our school is laid down in the 'Information Security Policy'. You can download and view this document via the button below: