Ensuring our privacy and controlling our data

For some years now, governments around the world are adopting very restrictive laws on personal data processing. More and more data is registered but are we aware of what we are trying to protect? What is behind these restrictive laws?

Their main goal is to protect and preserve our data so they don’t fall into the hands of those we don’t want.

Some data are more private than others. Generally speaking, we are more willing to share our personal data with more people and organizations, but we are less willing to share data on our health or more intimate information with third parties.

Everyone must be able to preserve, to keep under control, the access to their data, but it is also important to safeguard data privacy of OTHERS!

Are we aware? Do we know how to protect the INFORMATION we manage at work so that is doesn’t reach unauthorized people?

Below is a set of best practices that will help us keep this information safe in our organizations:

• Always save information on resources provided by the organization that ensure access control, copies…
• Never save confidential information on external support, as these are very vulnerable.
• Information support (devices): laptop computers, tablets, USB drives (Pendrive), hard disks and memory cards are vulnerable to being stolen, breaking, being lost, destruction, etc. so it is important to avoid any unauthorized access to these devices and ensure you have a copy of the information stored to protect it.
• Avoid connecting from public wireless (WiFi) connections (hotels, restaurants, cafés, etc.) from your work devices as data may be vulnerable to unauthorized third parties.
• If you must, then use virtual private networks (VPNs) or secure HTTPS connections.
• Keep your desk clear of papers.
• Do not leave any confidential information visible.
• Keep an eye on your laptop, tablet, Smartphone or any other information support at all times.
• Block your session on your computer whenever you must leave, even if for a short period of time.
• Your passwords should contain: at least 8 characters; at least one digit, one letter, one lower case letter and one upper case letter. Whenever possible, you should change your password every 90 days.
• Passwords must not be shared or left visible to others.
• Never share complete data such as: addresses, username and password on one single device.
• For instance, if you generate a password for a ciphered file, it is important to deliver the password to the used using a separate channel.
• Before sharing your data make sure the sources of information (web pages, email addresses, services, etc.) are reliable. For instance, some websites that appear to be legitimate may try stealing your credentials or you may inadvertently run malware programmes that put your information or that of your organization at risk (virus, Trojans, ransomware, keyloggers, etc.)

Share any doubts with your work colleagues to improve the management of data and information in our daily activities.

And, especially important, ensure your own privacy and that of your data.