Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Copyright, disclaimer and confidentiality blurbs on reports - do you add them? 1
- Thread starter Jacque
- Start date
![[blues]](/data/assets/smilies/blues.gif "[blues] [blues]")
- Thread starter
- #3
-
1
- #4
I don't want to give the company I work for, but it is a cellular provider.
All emails have a blurb similar to this...
All documents need to have copyright and confidentiality information on one of the first pages. The confidentiality rates the document depending on what information is in it. We handle a lot of payment cards, so we're subject to PCI DSS (Google it). We have a specific set of rules for protecting both payment card, and customer personal information. All employees are trained and tested on it at least once per year.
In addition to the notice on the first page, every page after that will have a small confidentiality blurb at the bottom of the page.
All source code written has a text block at the top indicating what it is, who wrote it, when, what it does, and COPYRIGHT information. Software is mostly concerned with copyrights, which is to enforce the company's ownership of the code, but there can also be confidentiality of the source if it deals with sensitive information (customer personal, payment card, security vulnerabilities, etc).
And I think there's even more. Fortunately it's easy to just copy/paste from other documents. Once you start doing it, it's easy to keep doing it.
You being in health care, you are primarily governed by HIPAA. Being in Revenue, you are probably governed by quite a few regulations related to both healthcare finance and financial accountability in general. State laws may apply.
I just re-read your original post, and as far as putting something on the bottom of printed reports, yes, I recommend that for two reasons. One, you should clearly state the confidentiality of the information on the report, and two you should also clearly state the source of the report. The reason you should state the source is that there is a legal concept of "system of record" (SOR). You may be reporting from a system of record, which means the information in the report is coming from an authoritative source and has more legal standing, or you could be reporting from a system that has copies of data, but is not considered a SOR. It may be perfect data, but it's lacking the authority of data reported from a SOR.
My company has more lawyers than some companies have employees, so things like this become important. If the company you work for has a legal department, I would run the question by them. That will cover you multiple ways.
All emails have a blurb similar to this...
All documents need to have copyright and confidentiality information on one of the first pages. The confidentiality rates the document depending on what information is in it. We handle a lot of payment cards, so we're subject to PCI DSS (Google it). We have a specific set of rules for protecting both payment card, and customer personal information. All employees are trained and tested on it at least once per year.
In addition to the notice on the first page, every page after that will have a small confidentiality blurb at the bottom of the page.
All source code written has a text block at the top indicating what it is, who wrote it, when, what it does, and COPYRIGHT information. Software is mostly concerned with copyrights, which is to enforce the company's ownership of the code, but there can also be confidentiality of the source if it deals with sensitive information (customer personal, payment card, security vulnerabilities, etc).
And I think there's even more. Fortunately it's easy to just copy/paste from other documents. Once you start doing it, it's easy to keep doing it.
You being in health care, you are primarily governed by HIPAA. Being in Revenue, you are probably governed by quite a few regulations related to both healthcare finance and financial accountability in general. State laws may apply.
I just re-read your original post, and as far as putting something on the bottom of printed reports, yes, I recommend that for two reasons. One, you should clearly state the confidentiality of the information on the report, and two you should also clearly state the source of the report. The reason you should state the source is that there is a legal concept of "system of record" (SOR). You may be reporting from a system of record, which means the information in the report is coming from an authoritative source and has more legal standing, or you could be reporting from a system that has copies of data, but is not considered a SOR. It may be perfect data, but it's lacking the authority of data reported from a SOR.
My company has more lawyers than some companies have employees, so things like this become important. If the company you work for has a legal department, I would run the question by them. That will cover you multiple ways.
- Thread starter
- #5
![[thanks2]](/data/assets/smilies/thanks2.gif "[thanks2] [thanks2]")
Oh, thanks! ![[bigsmile]](/data/assets/smilies/bigsmile.gif "[bigsmile] [bigsmile]")
One other thing on putting confidentiality on reports, it helps people know to protect the report and how to dispose of the report. Our lowest ranking is "Publicly Available Information". That is, things like pricing plans and such that anyone could go to our website and get. To dispose of a report with that ranking, you can just throw it in a trash can. For something with sensitive data in it, it needs to be marked as Confidential or Sensitive (or whatever your rankings are) and that lets people know not to leave it on their desk at night for the cleaning people to see, and to put it in the shredder bins when they're getting rid of it. There are still plenty of dumpster divers out there and you don't want to give them "treasures" to find.
One other thing on putting confidentiality on reports, it helps people know to protect the report and how to dispose of the report. Our lowest ranking is "Publicly Available Information". That is, things like pricing plans and such that anyone could go to our website and get. To dispose of a report with that ranking, you can just throw it in a trash can. For something with sensitive data in it, it needs to be marked as Confidential or Sensitive (or whatever your rankings are) and that lets people know not to leave it on their desk at night for the cleaning people to see, and to put it in the shredder bins when they're getting rid of it. There are still plenty of dumpster divers out there and you don't want to give them "treasures" to find.
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question