Compliance in the workplace plays a key role in data protection and safety. In many organizations, the largest departments, such as customer support, are the ones exposed to end users and to the very sensitive data the organization is trying to protect. These departments are not only exposed to sensitive data, they also receive minimal training compared with the knowledge held by staff in key roles in the risk and fraud departments.
One of the main changes in PCI-DSS 3.0 is making fraud awareness and data safety part of normal working procedures. We have brought together four procedures and suggestions that can be used to help enforce data safety and awareness in the workplace.
Regulatory training:
PCI-DSS 3.0 reflects a shift toward regular training sessions rather than yearly refresher courses. Since most organizations already run an annual AML and fraud test for all workers, it is best to have those who handle sensitive data first-hand go through regulatory training more often. Weekly or monthly training sessions with an internal compliance officer, or with the head compliance officer, help raise awareness of the sensitive material these employees are exposed to.
Some organizations with large departments that handle sensitive data have introduced daily or weekly questionnaires that must be answered before a shift. This helps raise awareness and gives you a clearer picture of how well internal procedures are understood.
Internal compliance officer:
Appointing someone from the managerial staff to act as an internal compliance officer helps regulate security and compliance procedures within departments. The internal officer is the one who helps with in-department training and can be responsible for enforcing the regulations and practices that support data safety.
This person would be in close contact with the risk and compliance departments, and should be updated on a regular basis on new procedures and protocols.
Anonymous outlet for reports and complaints:
Not everyone performs as expected. Some employees follow data safety procedures more closely than others, and those who do not cannot be micromanaged all the time. One way to learn about employees who do not work according to the set regulations is from the rest of the staff. The main obstacle is that most employees do not want to betray their colleagues. Creating an outlet where staff can report security issues caused by other members of their department helps pinpoint problematic employees and also helps make sure they receive proper training.
Promoting awareness:
Create awareness through posters and regular emails on the procedures that must be followed to keep data safe. Spelling out the importance of data safety and security in bullet points not only reminds staff why security matters, it also helps make data security a normal part of the workplace and of everyday business.
Posters in the kitchen and around the water cooler, along with regular reminders and updates from the risk department, can all help keep data safety a high priority.
With the new regulations brought on by PCI-DSS 3.0, it is as important as ever to make sure that data safety is part of every working environment in your organization, even if you are not certified, just to keep your mind at ease.
Photo courtesy of Flickr