Cookie consent

This site uses cookies that need consent. Learn more

Skip to content
Facit Data Systems

Data Privacy Management – Best Practice

Doctors looking at a document in a hospital reception area.
In this article, we look at data privacy management from staff training to DSAR fulfilment in order to help you avoid accidental, avoidable data privacy breaches.

Facit document privacy software does not just redact (mask) sensitive data, it removes data entirely from documents. Therefore, we commend Facit data privacy software to you as the most effective SARs-fulfilment, GDPR privacy tool. Maintain your data privacy safely in-house, and know that when you share data with third parties, it is 100% GDPR compliant.

Besides removing confidential data, what should you do to be privacy compliant?

Identifying sensitive information 

A considerable amount of information is categorised as confidential, which means that it is not only sensitive, but also that it must be kept safe from unauthorised disclosure, according to strict regulations. 

Documents in the medical and legal professions are considered confidential, such as patient records and lawyer-client communications. Financial information also falls into the confidential category. The fact thar these types of documents fall under the jurisdiction of regulatory bodies is not surprising.

What may be less well known is that, when an individual or organisation shares information, names, faces, number plates and all personally identifiable information must remain confidential.

That is, the individual in the shot must be blurred, masked or removed. So, the first priority must be to identify all personal data and redact before sharing the content of any file.

Establish and publish privacy policies 

Best data privacy practice involves having comprehensive privacy protocols that are circulated to your staff to ensure that they know what data is kept and how to work with it compliantly. One suggestion to aid this process we would recommend is to ensure privacy policies are read by staff and send periodic reminders to ensure that data privacy remains a constant theme and uppermost in people’s minds.

Though this point may seem like common sense, events of October 2022 provide evidence that even the most senior and aware officials can forget or overlook guidelines and policies. The BBC reported that Home Secretary Suella Braverman repeatedly broke ministerial code by using a personal email address.

If someone in one of the most senior government roles can neglect to follow data privacy policies, consider your staff who have other duties to focus on, and who may be forgetful. A data policy reminder is the action of a considerate and concerned employer.

Person going through a document with pen-in-hand.

Train your staff in safe data handling

Ensure that your staff know what is expected of them when accessing or sharing data. There are many training programs such as the IT Governance site when your organisation can pay for employee training on topics such as privacy training post Brexit or more advanced courses tailored to Data Protection Officers.

Accidental data breaches can occur easily, for example, when untrained personnel act in what they perceive to be everyone’s best interest. Fulfilling a simple request for information can lead to trouble in the form of fines from the ICO or damage to a company’s reputation.

Best document data practice includes verifying the name of the data requester then subsequently removing any data that relates to anyone but the requester.

It is possible to leak data without even realising it, which includes not redacting or removing data completely such as when row of data are hidden within spreadsheets; refer to Facit’s guide on hidden data and reversible redaction.

Remind people about screen privacy

In our digital era, a lot of data appears on computer screens. It is worth reminding people who work with potentially sensitive data to keep their screens private. Passers-by could intentionally or accidentally gain access to confidential information. This also applies to video security too, since the majority of people have mobile phones with cameras or video capability, it is not difficult to capture data from a PC screen. You can buy screen cover monitors only fairly inexpensively on sites like Amazon to help mask data on screen.

In-house data management is best

The growing number of data subject access requests (DSARs) prompted some organisations to outsource documents for redaction. Other organisations experimented with cloud redaction tools.

The overwhelming majority of Data Officers now argue that in-house data privacy processing constitutes best practice. Facit’s customers, for example, suggest that the idea of data leaving their organisation’s own secure IT environment makes them nervous as it introduces unnecessary risks. You can read more about this topic over on our blog Video Processing and Cloud Challenges.

Facit’s privacy software is designed precisely to enable businesses to take full, fast and accurate control of their document data privacy management, entirely in-house but without the need for extensive hardware updates.

Implement security practices

Take a staged approach to IT security. Leading business management systems have secure passwords. They also have data access levels to ensure that only authorised personnel have access rights to the most sensitive data, for example in the Human Resources department.
Encryption is a sensible way to keep data safe. When encryption is being used, it is good practice to have your systems penetration tested periodically, to ensure that the encryption is still performing as securely as you want and expect. Read more about encryption methods on the ICO website.

Assured in-house data privacy management

Be 100% compliant when sharing data, and when fulfilling a DSAR, by removing all confidential data and personally-identifying information. Facit helps organisations worldwide to automate complex document data removal in all document formats, including emails and complex spreadsheets. Our privacy system is flexible and scalable and is designed to grow with your needs if data requests increase.