General
Confidentiality & Email Related Issues
July 27, 2002 (this is a
"declassified" internal memo)
To: Vicky Tankard
From time to time, you might want to forward my messages, including
official memos to clients. I want to remind you of the confidentiality
issues...
Some of our correspondence are confidential in nature. As with all
companies, our policy is to pass on information based on strict right-to-know + need-to-know basis. i.e. Jackie doesn't have the
right-to-know the root password for FELI, as she's only a junior
staff and lacks that level of security clearance. Since she's handling
the web dev proj for SOD acct., she should be given the login info to
SOD only, not the rest of the clients, even though she does have general
clearance for client info. She does not need to know about M or
in this instance.
The consequences of breaching confidentiality range from shear
personal embarrassment, to catastrophic financial losses, to legal
liabilities. Obviously we need to and want to protect our own
information. We are also under legal and moral obligations to preserve
confidentiality of client information.
Let's address the process of forwarding email
specifically:
Refrain from forwarding email from the folder level.
When
you right click and forward a message from a list, it's all too easy to
be off by one line and inadvertently send the wrong one. There's also no
warning that the info is confidential. Instead, open the message to
preview and confirm that it's the intended content. Only then click forward
from within the message. If the message is flagged confidential, there's
a prominent yellow banner from Outlook announcing it.
Another related issue is
attachment
procedures. Our policy dictates that you
must open up each attachment from within the outgoing email, after you
attached them, and just prior to sending. This will give you a final
chance to review and confirm they're indeed the right files and
versions.
When sending confidential email, you should set the sensitivity
before proceeding to compose it, as you would certainly
forget by the time you finish. The subject line should be prefixed with
MEMO-C as redundant safeguard.
S |