1 Policy Statement
As a company obligated under the Data Protection laws as well as having legal and contractual responsibilities for information security, [Your Company Name] (hereinafter referred to as the “Company”) protects and secures all forms of personal data pertaining to natural and legal persons.
It is the Company’s aim to operate a clear desk policy with regard to paper and confidential materials and staff are aware that they should never leave personal or sensitive information on their desks or in any area that it may be seen or accessed by an unauthorised person.
The purpose of this policy is to ensure that staff are aware of the reasons for operating a clear desk environment and to protect any personal information held or processed by the Company. The Company occasionally has external visitors to our offices, such as clients, suppliers and regulators and it is therefore important to prevent personal or confidential information from lying around unattended.
We also adhere to strict environmental objectives that restricts the printing of materials to only those that are necessary. Having a clear desk provides a professional outlook and helps to maintain a safe environment for our employees, by reducing clutter and preventing accidents
We are committed to the protection of personal information, including that of customers, clients and employees and as such utilise electronic systems for data reading and access where possible. Due to the nature of our business, it necessary for the Company to retain some sensitive information and a large amount of personal information relating to customers. Our Data Protection Policy & Procedures within our GDPR/DPA18 program provides exact controls and measures for securing this type of information.
This policy applies to all staff within the Company (meaning permanent, fixed term, and temporary staff, any third-party representatives or sub-contractors, agency workers, volunteers, interns and agents engaged with the Company in the UK or overseas). Adherence to this policy is mandatory and non-compliance could lead to disciplinary action.
The Company is committed to ensuring compliance with the rules, standards and regulations as laid out by its regulating and governing bodies and our own company objectives. Having a Clear Desk Policy enables us to maintain efficiency and an effective workplace and secures the personal information and confidential data that we must hold and utilise owing to the nature of our business. As a company, we have a full understanding of the requirements to protect personal information and we believe that having a clear desk environment is pivotal to this end.
The Company’s objectives regarding clear desks are to: –
- Improve information security and the protection of personal data
- Abide by GDPR/DPA18 requirements and Principles
- Ensure that personal and/or confidential information is locked away where there is a requirement to print it or where it has been received in a paper format
- Redact paper information as far as possible when it pertains to personal information that exceeds our requirements and needs
- Demonstrate an effective and efficient workplace to visitors, clients and regulators
- Protect employee information and employee rights
- Prevent accidents resulting from clutter and an untidy workplace
- Create a stress-free, clean and tidy environment for our employees
- Reduce paper use and recycle where possible
- Reduce the use of toner inks for the printer
- Reduce the storage space for paper information and archiving resources
- Utilise adequate shredding bins and facilities onsite
5 Measures and Controls
Staff are continuously reminded that personal information and/or confidential content should not be printed unless absolutely necessary. However, due to the nature of the Company’s services, paper formats of confidential information are received on occasion. In such instances, where they are required to be on a desk for any duration of time (i.e. for administration or data entry purposes), we provide secured, locked A4 boxes that paper can be stored in should the user be away from their desk. Staff are aware that clear desks are in operation at all times and when leaving the office for any period of time, paper information is either locked away or destroyed.
At the end of the working day, all employees are expected to tidy their desk and to tidy away all office papers into locked desk drawers and filing cabinets. The line manager will also do an office walk round to ensure that paper data has been locked away or destroyed before leaving the office.
It is not just personal information relating to customer or employees that come under the remit of the clear desk policy. All paper formats, including those used to write information down can be considered private or personal information and are subject to the same policy governance rules.
Such documents can include, but are not limited to: –
- Telephone notes
- Printed emails
- Notices and minutes of meetings
- Disciplinary letters
- Accounting paperwork
- Draft letters
- Report and Management Information
- Polices & Procedures
- Corrective Action Plans
- Registers and Visitor Sign-in Books
- Training Handbooks
- [Add/delete as applicable]
Staff are provided with guidelines for keeping their workspace and the office clean, tidy and paper free. They understand their obligations under this policy and relevant data protection laws and do not keep personal information for longer than is necessary. The Company uses [confidential waste bins and a secure waste disposal service/confidential shredding sacks] where paper information is no longer required, and this is destroyed [daily/weekly]. Paper waiting to be shredded is secured in a locked cabinet until destruction.
Staff are afforded regular timeslots to clear their desks of unnecessary clutter such as old diaries, notebooks and filing paperwork that is no longer needed and are each provided with secure A4 lock boxes for securing personal information in paper formats that must be retained on their desk for any period or whilst they are absent from the office.
The Company will ensure that all staff are provided with the time, training and support to learn, understand and implement the Clear Desk Policy and subsequent or associated procedures. Management are responsible for a top down approach and in ensuring that all staff are included and have the support needed to meet the regulatory requirements in this area.