A very informative Loom update 12-Jan-2021:
https://www.loom.com/share/e26cae199a0442dc8ec5fb818a71997b
General idea: Handle Remote data as if it were your financial information. You shouldn't share it with everyone and, if you share it, you should know why they need it and what they will do with it.
<aside>
💡 You can read more about personal data, its definition and examples here: https://www.notion.so/remotecom/Personal-Data-Definition-Examples-5dfa8fd5104f45de925e0d066a04605f.
</aside>
Slack, Notion, Asana, Hubspot
- Don't share PII (Personally Identifiable Information) like ID (identity document) numbers, CC (credit cards), customer and employee data, etc. directly in these tools (see Information handling for guidelines on how to do it).
- Use the employee's URL or Employee ID found in Employ in all public places
- Don't share restricted files directly. We should upload the files to GDrive, restrict access to that file/folder to the people who need it, and share the link in our internal tools.
- Do not install Slack bots, Asana tools, or any other add-ons for whatever purpose. They have access to our data and may lead to a security breach for which Remote will be entirely liable.
- Do not expose our tools or leave them open when in a public space.
- Lock the computer when you need to leave it unsupervised (Command+Control+Q can be used as a quick shortcut on Mac).
Information handling
- If you have to share files containing restricted information (such as PII), don't do it over email, Slack, or other tools. Please upload them to GDrive, grant the recipient the proper rights (view/edit), and share the link with them. USE DRIVE LABELS!
- For new hires joining Remote, a lot can happen before their start date. We don't want to reveal their identity until approx. one week before their start date to enable their onboarding. Until one week before their start date, use only their first name and first letter of last name at most when referring to the new hire in a public place (Asana, Slack, Notion). Use Greenhouse and Employ links for all other PII data.
- For sensitive files, please only share access with the people who need it: don't use sharing settings like "anyone with the link" or even "anyone at Remote".
- Never send or forward e-mails with PII to personal e-mail accounts.
- If you are sending documents with sensitive information in emails, password-protect them and send the password in a separate email.
- If you must send an email with sensitive information, send the password protected by SMS passcode in Confidential Mode.
- How to password protect a document?
- We also have a secure service to share sensitive information with third parties. Read more about it on ‣