Policy on Finding Inappropriate Data on a Client’s Computer

Effective Date: 12/06/2023

1. Introduction:

At CyberSecurity Plus, we prioritise maintaining the confidentiality, integrity, and security of our clients’ data. This policy outlines the procedures and guidelines for handling and reporting inappropriate data discovered on a client’s computer during the course of our services. Inappropriate data refers to any content or information that violates applicable laws, regulations, or ethical standards, including but not limited to illegal or offensive material.

2. Professional Conduct:

a. Our employees and contractors are expected to adhere to high professional standards and ethical guidelines when accessing and reviewing client data. They must treat all client information with strict confidentiality and respect the client’s privacy.

b. Employees and contractors must not use or disclose any inappropriate data they encounter during their work for personal gain or any purpose that is not directly related to fulfilling their professional duties.

3. Discovering Inappropriate Data:

a. In the event that an employee or contractor encounters inappropriate data during their work on a client’s computer, they must adhere to the following procedures:

• Immediately cease any further review or access to the inappropriate data.
• Document the specific nature of the inappropriate data, including any relevant details or context that may be necessary for reporting purposes.
• Refrain from altering, deleting, or tampering with the inappropriate data unless specifically directed to do so by authorised personnel for legal or investigative purposes.

b. Employees and contractors should exercise discretion and professional judgment when assessing the appropriateness of data. If in doubt, they should consult with their supervisors or the designated point of contact within the organisation.

4. Reporting Procedure:

a. Employees and contractors must promptly report the discovery of inappropriate data to their immediate supervisor or the designated point of contact within the organisation. The report should include:

• Detailed information about the inappropriate data discovered, including file names, locations, and any additional relevant information.
• Date and time of discovery.
• The client’s identity, if known.

b. The supervisor or designated point of contact will escalate the report to the appropriate internal department or authority for further investigation and resolution.

c. Employees and contractors should refrain from discussing or disclosing the inappropriate data to unauthorised individuals or parties outside the organisation, except as required by law or authorised by the client.

5. Client Communication and Cooperation:

a. CyberSecurity Plus will maintain open and transparent communication with the client regarding the discovery of inappropriate data on their computer system, subject to legal and contractual obligations.

b. We will work closely with the client to address and resolve the situation promptly and effectively, in accordance with applicable laws and regulations.

6. Legal Compliance:

a. CyberSecurity Plus will comply with all relevant laws and regulations governing the handling, reporting, and resolution of inappropriate data discovered on a client’s computer.

b. We will cooperate fully with law enforcement authorities, regulatory agencies, or other authorised entities in the investigation and prosecution of any illegal activities related to the discovered inappropriate data.

7. Training and Awareness:

a. We will provide appropriate training and awareness programs to our employees and contractors to ensure their understanding of this policy and their responsibilities in handling and reporting inappropriate data.

b. Regular training sessions and updates will be conducted to reinforce the importance of ethical behavior, client privacy, and the proper handling of sensitive information.

8. Policy Violations:

a. Any violation of this policy may result in disciplinary action, up to and including termination of employment or contractual agreement, in accordance with our internal policies and procedures.

b. Suspected policy violations should be reported to the appropriate channels within the organisation.

9. Policy Review:

This policy will be reviewed periodically to ensure its continued effectiveness and relevance. Updates or modifications will be made as necessary to reflect changes in laws, regulations, or organisational requirements.

10. Contact Information:

For questions or concerns related to this policy or the handling of inappropriate data, please contact Ivan on 07923 007080 or email support@cybersecurityplus.co.uk

Please note that this policy does not replace or override any legal or regulatory obligations, and it is subject to applicable laws and regulations.