A new study released by TELUS in partnership with The Rotman School of Management puts a hefty dollar value on the cost of an IT security breach:
According to the study, which surveyed more than 600 IT security professionals across the country:
IT security breaches cost the average Canadian organization an estimated $834,000 in 2009 – a 97 per cent increase from the $423,000 reported by the study last year (source).
IT security breaches happen when systems get compromised or sensitive information voluntarily or involuntarily leaks from the system, often due to carelessness or dishonest employees. When a security breach involves the loss of people’s personal information, it is commonly referred to as a privacy breach.
Many organizations are bound by privacy legislation to properly secure their systems with respect to the sensitivity of the personal information collected, but many still fail to do so.
Can we attribute these numbers to the state of the economy?
Not necessarily:
“Canadian organizations are finding it difficult to improve their security posture within the current economic climate.
However, we found several organizations that performed well despite the adversity. Those organizations tended to review whether or not they were focusing on the right threats and conducted regular assessments of their capabilities to prevent, detect and respond to security concerns,” said Alan Lefort, managing director, TELUS Security Labs.
While some organizations will not place a priority on keeping your personal information safe in a weak economy, many still do, so the economy is not an excuse.
Businesses must remember that personal information is a liability, and they must take appropriate measures to secure it and properly train staff to handle it.
Advice for Organizations
Here’s some advice for organizations wanting to minimize the possibilities of a privacy breach:
- Hire a Privacy Officer. This will ensure that you have someone responsible for privacy compliance in the office. The privacy officer will need to work closely with security personnel from IT to secure systems containing personal information.
- Conduct Privacy Training Regularly. Employees need to be constantly reminded about the proper way to handle sensitive information (e.g. a document destruction and data destruction policy) so that it does not carelessly slip into the wrong hands.
- Hire Professional Help. If your organization realizes it has suffered a privacy breach, finding and hiring a privacy lawyer can be one of the smartest moves to make.