Management and Protection of customer information in the field

Purpose

This procedure describes the actions to be taken to protect customer information held by Staff working away from the operating base.

Responsibility

All staff

Process

Computer records

All personal information held on a computer system that is taken into the field should be securely protected through the use of:

• Passwords for the computer system.
• User accounts with strong passwords.
• Where necessary, encryption of the data.

Where the computer is configured to be used to query information from a remote server, access to network resources should be restricted to named users and the resources made invisible to any other user.

Computers used outside the control centre should be kept out of view while in a vehicle and never left unattended.

When using a computer outside the control centre, care must be taken to ensure that other people cannot see information displayed on the screen – unless it pertains to them – and cannot identify keystrokes being made to enter user names and passwords.

Paper records

Where paper records are being used, wherever possible staff should not take the entire customer file out of the office; relevant records or copies of records should be taken and stored within temporary folders.

Folders and documents should be transported in a suitable and sufficiently sturdy bag or brief case rather than loose.

Folders and documents containing personal information (e.g. name, address, telephone number, date of birth and medical histories) should not be left unattended.

When referring to documents, care must be taken to ensure that individuals not a party to a document cannot read the document.

Upon return to the control centre:

• All documents created or amended during the visit should be processed or placed in the appropriate tray for processing.
• All original documents should be replaced in the files from which they were taken
• All copy documents which do not contain alterations should be shredded.