How to Implement a Clean Desk Policy
Over the years, there have been different arguments made for and against a clean desk policy in the workplace.
Some people say it stifles creativity, and de-personalizes the workplace.
Others say it relays an air of competence to outsiders, and helps make all employees feel more organized.
Most recently, it has been given the thumbs up because it accommodates ‘hot desking’, which is the practice of using desks according to need rather than assigning permanent spots.
But the most important reason today for a clean desk policy is information security – and there’s no argument there.
By definition, a clean desk policy specifies how employees should leave their working space when they aren't there. Sensitive information must be protected at all times from anyone who may pass by including other employees, cleaners, and office visitors.
Desks should be cleared of all papers including post-it notes, paper with sensitive information such as account numbers, and non-essential documents. The policy also pertains to sensitive information on computers.
In effect, a clean desk policy is one of the simplest ways to protect sensitive information and to reduce the risk of a data breach and identity theft.
A clean desk policy also complies with information security regulations. In the U.S., federal privacy laws include FACTA, HIPAA/HITECH, Gramm Leach Bliley and Sarbanes Oxley.
Here are important aspects of a clean desk policy:
Put the policy into writing, and distribute copies to all employees.
Be sure there is buy-in at the executive level. The senior team must follow and advocate the policy.
Explain exactly what is expected of employees. For example, when away from the desk, all sensitive information must be removed from the desk surface and filed or locked up; also, switch on the computer’s password-protected screen saver.
Make it part of the workday. Suggest employees start the day by planning and organizing documents needed for their immediate work. If an employee has to leave to attend a meeting or take a break, do a quick check first to see if there is sensitive information on the desk – and secure it. Always leave a clean, clear desk at the end of the day.
The workplace should provide clean desk tools. Equip desks with lockable drawers, or provide small lockable storage boxes so employees can lock up printed documents that may contain confidential data.
Encourage electronic over paper documents when possible. Have a routine back-up system in place for secure electronic document management.
Make it easy for employees to keep their desks free of paper by partnering with a document shredding company for document disposal. Locked consoles should be placed in convenient places in the office and documents should be shredded on a regular basis. Remind employees that sensitive documents should never be put into the garbage or recycling bin.
Provide friendly reminders. For example, add a tagline to email signatures such as ‘Please consider the environment before printing this email’. Hang up reminder signage in key areas of the office. Distribute desk tent reminders.
Appoint one or more employees to monitor office areas. There should be consequences for policy non-compliance.
Learn more about how to increase the security of information in your office with a clean desk policy.