Does the UAE have any laws concerning the protection of personal and confidential organizational information?

Yes, the UAE has laws pertaining to the privacy and protection of personal and confidential organizational information. Any willful and unauthorized disclosure of such information may result in legal or civil action. When in doubt seek advice from your organization’s legal representative regarding which information can be disclosed and to whom. For more information refer to UAE cyber crime law -02/ 2006/sub-article 2-2 and 2-3.

I often take business partners and clients to lunch, and we frequently discuss business issues. Is there anything I should consider when discussing work issues in a public place?

You should always be aware of your surroundings when you are discussing work-related issues with colleagues or business partners. If you will be discussing sensitive issues, you should ask for a table that is out of the way, or even better, a private room. If you find that you are in a situation in which you could be overheard, and the conversation turns to sensitive areas, suggest that you continue the conversation when you return to your office.

I am working on a project that is going to require that some of the work be done by an outside contractor. What should I consider before exchanging confidential information with them?

Prior to exchanging information with a party outside of your company, you should make sure that you have a Non-Disclosure Agreement (NDA), also known as a confidentiality agreement. An NDA is a legal agreement between your company and the outside party that outlines what information that needs to be shared that may be considered confidential or proprietary. It should also outline what steps need to be taken in order to ensure that this sensitive information is properly protected. Consult with your organization’s legal team for further advice on this matter.

I am working with a contractor from outside my company on a project, and need to exchange sensitive information with them that is covered under our NDA. What steps should I take to ensure the information is protected?

You should keep in mind that some of the most common tools we use to exchange information, such as E-mail and Instant Messaging, send information across the Internet in an unencrypted manner. This means that any person between you and the recipient could read that information. In order to ensure that confidential information is protected, you should use encryption on your E-mails and any files that you send. This can be accomplished through the use of Public Key cryptography programs which are readily available. Check with your IT department to find out if your company has adopted any particular form of encryption for these exchanges.

Who is responsible for determining the classification of my organization’s information?

Classification of information is ultimately the job of the person creating the content. Most organizations will have a written data classification policy, and you should be familiar with it. Some organizations may even have a team that can assist you with this task. However, you as the content author should be sure to follow your organization’s data classification policy.

I have been following my company’s recycling program, and placing all printouts that I make in the recycling bin. I assume someone sorts it out at the end of the day. Should I be concerned about this?

Yes, you should be concerned. It is primarily up to you to ensure that sensitive information that you handle is disposed of correctly. Any printed material that you believe contains sensitive or confidential information should be shredded. If you are unsure as to whether it contains sensitive or confidential information, it is best to err on the side of caution, and shred it.

What should I do at the end of each day when I leave my desk?

A good policy to adopt is a “clean desk” policy. At the end of each day, make sure that all papers you were working on, regardless of how sensitive they may be, are stored in a locked container or properly disposed. This way you can ensure that you do not inadvertently leave sensitive information unprotected when you leave your desk for a significant period of time.

I travel frequently, and am concerned about working on my laptop on the airplane, as other people can easily see what I am doing. Is there any way to prevent others from looking over my shoulder to see what I am working on?

When you are working in public places, it is important to be mindful of your surroundings. In addition, you can purchase a privacy screen for your laptop. This is a filter that goes over your laptop screen and limits the view angle. This makes it difficult for others near you
to see what you are working on.

What should I do at home to protect my hardcopy personal information?

A common way for thieves to get your personal information is by going through your rubbish. You should destroy any papers that contain personal information before throwing them away. This includes bank statements, credit card statements, and invoices. The best way to do this is by using a cross-cut shredder. Home use versions of these shredders are available at office supply stores.

What other steps can I take to protect my personal information online?

In addition to protecting your hardcopy information by shredding it, you should also protect your electronic personal information by:

Not responding to E-mails requesting personal information