Which of the following policy statements needs additional instructions in order to further protect the personal data of their clients?

SCENARIO

Please use the following to answer the next QUESTION:

Richard McAdams recently graduated law school and decided to return to the small town of Lexington, Virginia to help run his aging grandfather’s law practice. The elder McAdams desired a limited, lighter role in the practice, with the hope that his grandson would eventually take over when he fully retires. In addition to hiring Richard, Mr. McAdams employs two paralegals, an administrative assistant, and a part-time IT specialist who handles all of their basic networking needs. He plans to hire more employees once Richard gets settled and assesses the office’s strategies for growth.

Immediately upon arrival, Richard was amazed at the amount of work that needed to done in order to modernize the office, mostly in regard to the handling of clients’ personal data. His first goal is to digitize all the records kept in file cabinets, as many of the documents contain personally identifiable financial and medical data. Also, Richard has noticed the massive amount of copying by the administrative assistant throughout the day, a practice that not only adds daily to the number of files in the file cabinets, but may create security issues unless a formal policy is firmly in place Richard is also concerned with the overuse of the communal copier/ printer located in plain view of clients who frequent the building. Yet another area of concern is the use of the same fax machine by all of the employees. Richard hopes to reduce its use dramatically in order to ensure that personal data receives the utmost security and protection, and eventually move toward a strict Internet faxing policy by the year’s end.

Richard expressed his concerns to his grandfather, who agreed, that updating data storage, data security, and an overall approach to increasing the protection of personal data in all facets is necessary Mr. McAdams granted him the freedom and authority to do so. Now Richard is not only beginning a career as an attorney, but also functioning as the privacy officer of the small firm. Richard plans to meet with the IT employee the following day, to get insight into how the office computer system is currently set-up and managed.

Which of the following policy statements needs additional instructions in order to further protect the personal data of their clients?
A . All faxes sent from the office must be documented and the phone number used must be double checked to ensure a safe arrival.
B . All unused copies, prints, and faxes must be discarded in a designated recycling bin located near the work station and emptied daily.
C . Before any copiers, printers, or fax machines are replaced or resold, the hard drives of these devices must be deleted before leaving the office.
D . When sending a print job containing personal data, the user must not leave the information visible on the computer screen following the print command and must retrieve the printed document immediately.

View Answer

Answer: B

Explanation:

The policy statement that needs additional instructions in order to further protect the personal data of their clients is: All unused copies, prints, and faxes must be discarded in a designated recycling bin located near the work station and emptied daily. This policy statement is insufficient because it does not specify how the unused copies, prints, and faxes should be discarded. Simply throwing them into a recycling bin may expose them to unauthorized access or theft by anyone who has access to the bin or its contents. Furthermore, emptying the bin daily may not be frequent enough to prevent accumulation or overflow of sensitive documents.

To further protect the personal data of their clients, this policy statement should include additional instructions such as:

All unused copies, prints, and faxes must be shredded before being discarded in a designated recycling bin located near the work station.

The recycling bin must be locked or secured at all times when not in use.

The recycling bin must be emptied at least twice a day or whenever it is full.

These additional instructions would ensure that the unused copies, prints, and faxes are destroyed in a secure manner and that the recycling bin is not accessible to unauthorized persons or prone to overflow.

The other policy statements do not need additional instructions, as they already provide adequate measures to protect the personal data of their clients. Documenting and double-checking the phone number for faxes ensures that the faxes are sent to the correct and intended recipient. Deleting the hard drives of copiers, printers, or fax machines before replacing or reselling them prevents data leakage or recovery by third parties. Not leaving the information visible on the computer screen and retrieving the printed document immediately prevents data exposure or theft by anyone who can see the screen or access the printer.