Tom is working on a report that contains employees’ names, home addresses, and salary. Which of the following is Tom prohibited from doing with the report?
A. E-mailing it to a colleague who needs to provide missing data
B. Storing it in his locked desk drawer after working hours
C. Using his home computer to print the report while teleworking
D. Encrypting it
The Correct Answer and Explanation is:
The correct answer is C. Using his home computer to print the report while teleworking.
Explanation:
Tom’s report contains sensitive personal information, including employees’ names, home addresses, and salaries. This type of information is often classified as personally identifiable information (PII) and is subject to strict privacy regulations and organizational policies designed to protect it. Each option presented carries varying levels of risk regarding data security and confidentiality.
A. E-mailing it to a colleague who needs to provide missing data: While emailing sensitive information is generally discouraged due to the risk of interception, this action might be permissible if the email is sent securely and the colleague has a legitimate need to access the information. If proper encryption and secure protocols are used, this option can be considered acceptable.
B. Storing it in his locked desk drawer after working hours: This action is an appropriate measure for safeguarding sensitive information. Storing physical documents in a locked space helps ensure that unauthorized individuals do not have access to the report when Tom is not present. This complies with best practices for handling confidential information.
C. Using his home computer to print the report while teleworking: This is the most concerning option. If Tom uses a personal or unsecured home computer to print sensitive information, it poses a significant risk. Home computers may not have the same security measures as company-issued devices, making them vulnerable to breaches. Additionally, if the computer is shared with others, there is an increased risk of unauthorized access to the report. Organizations often have policies that restrict accessing or printing sensitive information on personal devices to mitigate these risks.
D. Encrypting it: Encrypting sensitive data is a recommended practice to enhance security. This action protects the information from unauthorized access, especially during transmission or storage. Therefore, encrypting the report is a responsible measure.
In summary, option C is prohibited because it exposes sensitive employee information to unnecessary risks associated with using potentially unsecured devices, whereas the other options can be managed through proper security practices.