keeping information safe and private
information safety
Information and records are vulnerable in two general ways — from slow destruction and from disaster. It's important to take active steps to protect your records from these risks.
Avoiding Slow Destruction
Some sources of damage are slow-acting or infrequent, but can still make information unusable. They include heat, humidity, light, computer viruses, vermin (insects and rodents), damp and mould (which can adversely affect paper, discs, photos, slides and videos).
Reduce these risks by keeping records in folders, covers or boxes in clean surroundings. Keep them off the floor, and away from:
- light
- food
- cleaning supplies and other chemicals
- heaters and open flames
- water, heating and sewerage pipes.
Ensure you:
- have fire extinguishers, smoke detectors and/or a sprinkler system in the records area
- maintain software integrity — don't use discs from other organisations or copy computer programmes without checking for viruses
- keep records in secure storage — in a safe if necessary.
Protecting Against Disaster
Some damage happens suddenly and unexpectedly. Examples include fire, flood, hurricane, earthquake, explosion, computer crash and power failure. Your group should have a disaster recovery plan for records.
Disaster protection checklist
You can help protect your records from being damaged in a disaster by:
- duplicating information and keeping hard copies
- by having backups of your computer records (see Section 12 — Information Technology)
- keeping important originals (e.g. leases, bonds etc) at the bank, with the lawyer, or in a fireproof safe
- keeping photocopies of important records at home or another office (e.g. creditors, insurance)
- knowing where to find experts who can help in the event of disaster. Some computer firms have expertise in recovering computer records, and there are experts in this field, called "conservators".
information privacy
Some information — like client records and personal staff files — should not be accessible to everybody.
Privacy Act 1993
The Privacy Act 1993 and associated principles govern the way in which community groups need to keep information private. It also gives a guide to sharing information with others.
The Privacy Act applies only to "personal information" about an identifiable individual. It does not apply to information about organisations, companies or other bodies.
The Act is based on 12 privacy principles. These set out broad rules (together with limited exceptions) relating to the collection, storage, security, accuracy, use and disclosure of personal information, as well as an individual's rights to access and correct personal information:
Information privacy checklist
To ensure privacy of information:
- have a procedure that identifies records that are sensitive and make sure authorised staff know they are sensitive
- have a "clear desk" policy for sensitive records — put records away promptly
- be aware of physical security and lock records away when not in use
- take care when disposing of confidential records — they should be shredded or disposed of securely (an option for larger organisations)
- develop a confidentiality policy
- do not leave records where an unauthorised person can read them or steal them
- keep records in their covers, folders or boxes
- do not take records home
- if records are taken from where they are normally kept, make a note of who took them, when they were taken, and when returned
- password bar sensitive computer-based information
- personal information should not be kept for longer than required — either by law or for the purpose for which it was obtained.
Tip
For more information about your rights and obligations under the Privacy Act 1993:
Back to top