Academic Integrity in a Digital Age

So far we have understood the meaning of personal information and its privacy. It’s high time now to know how we can protect them. There are key procedures and strategies that a person can take in order to protect personal information and satisfy the security obligations of the privacy. These procedures and strategies may vary in its implementation and the impact they have on users. Individuals have to consider taking a privacy impact assessment and information security risk for new acts and practices, or changes in existing acts or practices that involve handling of personal information. The following strategies are some of the recommended security measures:

 Governance

Entities need to establish clear procedures and lines of authority for decisions regarding information security within an organization. They should have a governing body, committee or designated people/s that are responsible for managing the individual’s personal information to ensure its integrity, security and accessibility, including defining information security measures and plans to implement and maintain those measures.

Data infringements

A data infringement is a situation from which sensitive, protected or confidential information is potentially being viewed, stolen or used by an unauthorized individual. Data infringement can involve personal health information (PHI), personally identifiable information (PII), trade secrets or even intellectual property. When data infringement occurs, having a response plan that includes procedures and clear lines of authority will be of great help for individuals to control the infringements and manage their responses.

Physical security

Another protective measure is by controlling the physical security. Physical security is very important in ensuring that personal information is not accessed inappropriately. Entities need to consider which steps are necessary to ensure that physical copies of personal information are secure. It is advised that workspace itself needs to be designed to facilitate good privacy practices. For example, security and alarm systems can be used to control entry to the workplace or it is possible to access individuals’ movements from access log. Computer screens need not to be easily read by third parties. Employees working on sensitive matters need to have secure and private working space. Also the movements of physical files containing personal information need to have provision for securing them as well as all files are placed in a lockable cabinet and access to keys need to be controlled.

Personnel security and training

It is very important for Organization’s staff members to know the importance of good information handling and security practices. Training of staff is needed to avoid practices that can infringe the individual’s privacy. Staff should get training regarding ICT and communications security for such an Institution. They should also be informed of changes to policy and procedures or other workplace security requirements. Privacy training generally helps staff to avoid practices that would infringe the entity’s privacy obligations by ensuring that they understand their responsibilities.

 Workplace policies

Information privacy protection can be very effective if they are integrated within workplace policies. Policies need to be regularly regulated to ensure that they are effective and in line with the current privacy situation. Information security and handling of the personal information document need to be addressed in a single policy document and management should ensure that staffs are trained regarding their responsibilities. Management should have a clear policy that covers information security guidelines when staff members work off-site, such as from home, a secondary site office or from a temporary office.

Managing the information life cycle

Information life cycle is a process through which every written or computerized record goes through from its creation to its final archiving or destruction. Individuals who handle information need to ensure that such information is not inappropriately used or disclosed during its lifecycle. This may include ensuring that personal information does not mistakenly disclose to the incorrect individual or not lost and is disposed of appropriately when it is no longer required.

Some policies may require personal information to be retained for a specified period of time. Likewise, individuals that surpass personal information to a third party for storage; processing or destruction need to consider what steps are required to ensure that the third party will protect that information. Policies should reveal what processes the entity uses to identify customers or clients prior to disclosing their personal information by phone or in person. This may include measures that the entity can take to ensure the verification processes do not infringe the client’s privacy and emails containing personal information are sent to the intended recipient. Furthermore, measures taken during system upgrade, disaster recovery and system’ backups should be outlined in the policy document.

Standards

Standards are documents that set out specifications and procedures designed to ensure products, services and systems are safe, reliable and consistently perform the way they are intended to. Standards may be general or specific to particular industries or sectors. Examples include ISO 27000 series of information security management systems standards and ISO 31000 of risk management standards. Adopting a standard is one way that individuals can gain some confidence regarding their security practices. However, complying with a standard does not release the entity to take further steps to protect its holdings of personal information.

Regular monitoring and review

Regular review of information security measures is very important due to the fact that entity’s processes, information, personnel, applications, infrastructure, as well as changing of technology and security risk settings regularly keep on changing. Entities should regularly monitor and review the operation and effectiveness of its information security measures.