Keeping information safe and private
Information and records are vulnerable from slow destruction and from disaster. It's important to take active steps to protect your records from risk.
Avoiding gradual destruction
Some sources of damage are slow-acting or infrequent, but can still make information unusable. They include heat, humidity, light, computer security threats (viruses, malware, etc.) vermin (insects and rodents), damp and mould (which can adversely affect paper, disks, photos, slides and videos).
You can reduce these risks by keeping records in folders, covers or boxes in clean, dry surroundings. Keep them off the floor, and away from:
- cleaning supplies and other chemicals
- heaters and open flames
- water, heating and sewerage pipes.
- have fire extinguishers, smoke detectors and/or a sprinkler system in the records area
- keep your computer safe and your information secure always back-up your data.
- keep records in secure storage in a safe if necessary.
Protecting against disaster
Some damage happens suddenly and unexpectedly. Examples include fire, flood, storm, earthquake, explosion, computer crash and power failure. Your group should have a disaster recovery plan for records.
Disaster protection checklist
You can help protect your records from being damaged in a disaster by:
- duplicating information and keeping hard copies
- by having backups of your computer records (see Section 12 Information Technology)
- keeping important originals (e.g. leases, bonds etc.) at the bank, with the lawyer, or in a fireproof safe
- keeping photocopies of important records at home or another office (e.g. creditors, insurance)
- knowing where to find experts who can help in the event of disaster. There are experts in this field, called conservators, and most computer firms have expertise in recovering computer records.
Some information like client records and personal staff files should not be accessible to everybody in the organisation.
Privacy Act 1993
The Privacy Act 1993 and associated principles govern the way community groups need to keep information private. It also gives a guide to sharing information with others. The Act is based on 12 privacy principles. These set out broad rules (together with limited exceptions) relating to the collection, storage, security, accuracy, use and disclosure of personal information, as well as an individual's rights to access and correct personal information.
The Privacy Act applies only to personal information about an identifiable individual. It does not apply to information about organisations, companies or other bodies. See more: https://privacy.org.nz/.
Information privacy checklist
To ensure privacy of information:
- have a procedure that identifies records that are sensitive and make sure authorised staff know they are sensitive
- have a clear desk policy for sensitive records put records away promptly
- be aware of physical security and lock records away when not in use
- take care when disposing of confidential records they should be shredded or disposed of securely (an option for larger organisations)
- develop a confidentiality policy
- do not leave records where an unauthorised person can read them or steal them
- keep records in their covers, folders or boxes
- do not take records home
- make a note of who took them if records are taken from where they are normally kept, including, when they were taken, and when returned
- protect sensitive computer-based information with passwords, and
- do not keep personal information longer than required either by law or for the purpose for which it was obtained.