The User Level: Keep Your Desk Clean!
Office space is frequented by customers, consultants, vendors, cleaning crews, maintenance and other employees. As it is crucial to protect sensitive information from disclosure, employees should be taught to not leave nonpublic personal information (also known as NPI) on their desks.
The term ”nonpublic personal information” means personally identifiable financial information –
- i. provided by a consumer to a financial institution;
- ii. resulting from any transaction with the consumer or any service performed for the consumer; or,
- iii. otherwise obtained by the financial institution.
Nonpublic information includes:
- Social Security numbers
- Credit card or debit card numbers
- Bank account numbers
- Employment records
- Applications, contracts, or other agreements
- Account balances
- Income tax records
- Intellectual property
- Other sensitive, confidential or protected data (e.g.personally identifiable information such as name, address, or other easily traceable identifiers)
You should remind your employees about not leaving nonpublic information on their desks on a period basis. Reminders can be in the form of an e-mail, memo, or during an employee meeting. In addition, you should also do periodic walk-throughs of offices looking for nonpublic information on desks (when the employees are out) to test for adherence to the clean desk policy.