Risk Management – Who Is Responsible, Employer or Employee?

In this month’s blog we examine the different areas of risk management and the roles played by the employee and the employer. When it comes to secure destruction services, risk management goes in both directions.

Employees represent a great risk for organisations.

For example:

  • An employee intentionally takes possession of information or media prior to destruction.
  • An employee compromises security, protocol and company compliance by accidentally acting contrary to policies, procedures and training.
  • Information or media can be intentionally diverted from the disposal process in a number of ways. Employees partake in theft for their own gain. They can trade information (hard copy or electronic) to thieves for money.
  • Employees use competitive information at the behest of a competitor.


Any of these practices would be highly damaging for any organisation. Employers must have many controllable measures in place to minimize the risk of this happening.

Employers’ measures should include:

Staff Screening – Employee screening, both pre-employment and ongoing. Prior to hiring, employers should evaluate past criminal convictions and past employment at minimum. This will also prevent the hiring of a competitive threat. Screening for abuse of controlled substances is also highly recommended prior to employment. Worryingly, there are also cases of people applying for jobs, often in a low functional capacity, simply to access competitive information for competitors.

Training – All data protection provisions require that employees be trained in, and comply with, an organisation’s written information protection policies and procedures.

Acknowledgements and Agreements – Upon completion of information protection training, it is important to obtain written acknowledgements and agreements that an employee understands their procedural responsibilities as well as their law-abiding responsibility to comply with the training. It is very important to emphasise the importance of their understanding of the methodology and their obligation to notify management in the event of a potential data security breach or violation.

Access Restrictions – From an employer’s risk management perspective, restricting the access of specific employees, classes of employees or departments to sensitive information reduces the risk of misuse, increases accountability and demonstrates data protection due diligence. Once an organisation has established a standard of care and protection for information, subjecting it to a lower standard at any point could be justifiably deemed negligent by auditors and regulators.

Paper Shredding

Should an employer have these measures in place, it becomes extremely difficult for employees to carry out such bad actions. However, employees have a responsibility to be law abiding and to follow the measures that employers put in place.

It’s quite simple: using a paper shredding service saves you money. Your old data is confidentially shredded, giving you security and peace of mind. Our recycling policy is good for the environment. Pulp Recycling is the shredding company for you.
