Good data hygiene starts when senior management is serious about privacy and data protection; the effects trickle down to the staff. A significant threat that a company could face is an employee who does not understand the privacy posture of the company. A lack of employee awareness of data protection can be devastating.

We covered how to improve your organisation’s privacy culture a few weeks ago, but how do you ensure that its importance is demonstrated? Some of the important questions to ask are below.

Privacy Awareness Questions

  1. Do you have written procedures or reference documents for employees dealing with day-to-day data protection issues?
  2. Are your employees aware of information security skills?
  3. Do you conduct training programs and refresher training on data protection?
  4. Are staff aware that unauthorized access to customers’ personal data is not allowed? How do you check that no internal unauthorized access to personal data has been undertaken?
  5. Are staff leaving employment aware that any customer data remain subject to confidentiality?
  6. Is there something to this effect built into the employment contract?
  7. In terms of password policy: How often are passwords changed? Who can change a password? Are there access-level restrictions?
  8. Do the employees know the internal protocols they must follow after a data breach? For example, you might have all employees change their passwords.
  9. If you are employing a BYOD system, do you restrict privilege when working with sensitive data?
  10. Do you deliver phishing simulation training and use it to create awareness?
  11. Are your staff aware that they are required to accommodate all reasonable data subject requests?

Reacting to your Privacy Level

If the majority of the answers here are ‘Yes’, then congratulations! Your company is doing well, and your employees have good training and awareness about their responsibilities.

If the majority of the answers are ‘No’, then you may need to improve your organisation’s privacy culture, or perhaps take a look at available toolkits, or at any other advice posts.

If you want to learn more about how to improve data protection, or what you need to do to improve it, contact us below.
