One of the simplest ways to become compliant with basic privacy and security principles, increase productivity, and have a great-looking office is to implement a Clean Desk Policy.
A clean desk policy and a clear screen policy work hand-in-hand to safeguard your organization’s sensitive information.
What is a Clean Desk Policy?
A clean desk policy instructs that all employees must clear their desks at the end of each work day. This includes not only documents and notes, but also any post-its, business cards, and removable media (e.g. memory sticks).
Following a clean desk policy will help your organization reduce the risk of information theft, fraud, or a security breach caused by sensitive information being left unattended and visible in plain view.
The Benefits of a Clean Desk Policy
The clean desk policy should be adopted because of the numerous benefits it can provide your organization.
Saves Time and Money
According to an IDC report, a typical employee in your organization spends 2.5 hours a day searching for information. Assuming the knowledge workers in your organization earn $80,000 a year, a 1000-person organization loses approximately $2.5 million a year from the inability to locate and retrieve information.
In addition, a clean desk policy will encourage employees to use digital versions of documents, significantly reducing your organization’s costs of paper, ink toner, and printer maintenance.
You never know who will visit your office, or when. A clean and tidy workspace makes your organization look efficient and presentable to anyone who decides to visit, including the auditors!
A clean desk policy is not only ISO 27001/17799 compliant, it also complies with basic privacy principles. Canada’s federal privacy legislation, PIPEDA, requires that Canadian organizations safeguard personal information. The UK’s Data Protection Act requires organizations in the UK to ensure that personal information is kept secure.
Discourages Prying Eyes
Employees usually leave sensitive information on their desks. Post-it notes are usually the worst culprits, containing names, phone numbers, and even user names and passwords visible in plain view. These habits encourage dishonest employees, cleaning crews, and maintenance staff to view information they should not have access to.
A place for everything and everything in its place. When your employees are organized they can spend more time concentrating on work rather than stressing out because they can’t find a report due in the next 10 minutes.
Implementing a Clean Desk Policy
You are convinced that your organization needs a clean desk policy. Good. Your next step is implementation.
Put it in Writing
A clean desk policy should be in writing and communicated to all employees, especially during introductory and refresher training. Consequences for failure to comply should be serious yet practical, especially if your organization works with a great deal of sensitive information. Have all employees sign the document for approval.
You can get a head start using free clean desk policy templates.
Add a Reminder to Email Signatures
You have probably seen it below many email signatures: Please consider the environment before printing this email. If your organization uses standardized email signatures, consider having this reminder added to the bottom.
You can’t implement a clean desk policy if you have nowhere for employees to put their documents. Consider purchasing small, lockable storage boxes for employees that fit under their desks.
Encourage Electronic Documents
Have employees work with electronic documents whenever possible. Without the need to print and work with physical papers, your employees will always have a clear desk whenever they log out of their computers.
Get Rid of Documents Securely
Your employees should never throw any work-related documents into the waste basket. Once garbage leaves your company’s doors, it becomes public property. Nothing can ruin your organization quicker than careless employees throwing sensitive information into a waste basket. Your organization does not want to be on the front page of the newspaper for exposing sensitive information.
Use a secure shredding service to ensure all documents are disposed of securely.
Perform Routine Backups
If you discourage employees from using physical documents, make sure your organization has a dependable backup routine in place. Employees need to know that their documents will be safe in the event of a power loss or hard-drive crash.
Enforcing a Clean Desk Policy
Implementing a clean desk policy and having a nonchalant attitude towards enforcement will render your policy useless.
Have your privacy officer conduct random weekly checks, possibly at the end of a work day. All papers, notes, post-its, or any other documents containing sensitive information should be shredded immediately. Removable media, such as CDs, floppy disks, or memory sticks, should be confiscated.
Upper Management Support
A clean desk policy needs to be taken seriously, especially at all levels of management. If your employees see that upper management does not have to abide by the policy, they will soon lose faith.
The fact that upper management usually handles more sensitive documents should reinforce the need for a clean desk policy for all employees regardless of their status within the organization.