We all have that coworker (or maybe we ARE that coworker) with the messy desk. Stacks of papers, post-it notes, pens, pencils, note tablets, folders, daily calendars, and any number of objects are strewn across the entire surface of the desk. This isn’t necessarily bad; some people work better with this seemingly haphazard style of organization.
While it may sound like a clear desk policy is an attempt to get this coworker to finally straighten up, it’s much more than that. In fact, a clear desk policy is not about aesthetics as much as it is about security. And in an age where information leaks can ruin a business, data security is something every employee should take seriously.
What is a clear desk policy and why is it important?
Also known as a clean desk policy, a clear desk policy is almost exactly what it sounds like: it directs how a workspace should look whenever it is not occupied by an employee. For some companies, this type of policy is in effect throughout the workday to convey a sense of professionalism and modernity to visitors and staff alike. At its core, though, a clear desk policy is ultimately about protecting information.
At any given time, someone could have sensitive information either written on paper or open on a computer. Anything from proprietary information to personally identifying information to financial data is at risk if it isn’t handled properly. Protecting this information is already part of the culture in some industries, such as those that require compliance with FACTA or HIPAA regulations.
Even if your business isn’t in the financial or medical industry, there are still plenty of reasons to consider a clear desk policy. For instance, retail shops may have credit card information from phone orders. A restaurant could have employment applications with personally identifying information on them. Graphic designers may have confidential client information written in a notebook. These are all opportunities for information theft, no matter how accidental the oversight is.
In fact, while we often think of information theft as the result of digital security breaches, that’s not always true. Recent research from the University of Texas at Austin found that about half of identity theft incidents are the result of “analog” sources, such as paper documents. They also discovered that 34% of those cases were inside jobs, meaning an employee or family member was responsible for the theft.
In other words, of the estimated 60 million Americans who have been victims of identity theft, it’s likely that 30 million of those cases were non-digital thefts. And that’s just identity theft; those numbers don’t include other important business information like client lists, trade secrets, or financial information.
Writing a clear desk policy
Like any company policy, if it isn’t written down, it doesn’t exist. Whether you have one employee or one thousand employees, written policies help everyone comply with expectations. There isn’t as much room for ambiguity, plus a written policy forces you to think through what your goal is, be that going digital and using less paper, information security, creating a particular customer/client experience, or some combination thereof.
It’s important to customize your policy to fit your situation, but at a minimum, be sure to include these points in your policy:
- Don’t leave your desk with unattended information. File or lock papers in a locked drawer. Lock and password protect computers.
- Use electronic documents whenever possible.
- Always file and lock sensitive information immediately after use.
- Destroy documents and hard drives you no longer need.
- Always remove documents from meeting rooms, including erasing any information on white boards or flip charts.
- Remove any confidential information from your desk whenever you aren’t using it.
As a business owner or manager, instituting a clear desk policy only works if you make it possible for your employees to comply.
- Make sure your team has locking desk drawers or locking file cabinets for information.
- Make it easy to destroy sensitive documents that your employees no longer need.
- Ensure there is time in the workday to follow through with properly filing and locking documents and computers.
The easier you can make it for your team to follow the policy, the more likely it is that information remains secure.