It's unfortunately not uncommon for business owners to have had former employees steal their client database before leaving the company. In these cases, the ex-employees may try to sell the database to a future employer or use it for personal gain. This is why it's essential to implement strict access controls and security measures to protect your sensitive data.
Information Security Measures in Altegio
1. Create a separate user account for each employee in Altegio, and ensure that each user's access rights are appropriate for their role. Altegio has a built-in logging function that allows you to track the actions of each user, so you can monitor who is accessing your client data.
2. Limit access to sensitive information in the Client Database. For example, consider disabling the ability to view or download client phone numbers in Excel format. You can do this by adjusting the user access rights in the Settings — System settings — Users section — User’s name — Access rights tab — Client Database section. For more detailed instructions, see this article.
After these settings, the user will see "XX" characters instead of phone number digits.
3. Don’t grant the user access to delete or edit client bookings in the Appointment Calendar. Detailed instructions can be found in this article.
4. Log in as each user whose access rights you have set to verify that the settings are appropriate and working as intended. This can help ensure that each user has the necessary access to perform their job duties and that confidential information is adequately protected.
More information about setting access rights can be found in this article.
5. In the Overview — Data log section, you can view a log of all the data requests made by the users and the exact time when the request was made. This way, you can keep track of who accessed what data and when. If you have the necessary access rights, you can also download the requested file directly from this section. For more information on the sections from which you can download files, please refer to this article.
Apart from the safety measures in Altegio, it is important to note that the protection of your client's data is also governed by laws and regulations.
Legal aspects of data protection
The client base contains confidential information that constitutes the commercial secret of the company. Using it for personal purposes without the owner's consent is against the law and may result in prosecution.
However, certain conditions must be met for the information to be considered confidential, and it must be stored and processed according to current legislation.
Commercial confidentiality can be claimed for a client base if it meets certain criteria. These include:
• The information must be commercially valuable and not easily accessible to the public.
• There should be no legally granted access to the information, except for cases where access is provided voluntarily, such as through licensing or franchising agreements.
• Appropriate measures should be taken to protect the confidentiality of the information, such as password-protected access, encryption, or physical security measures.
To obtain the status of commercial confidentiality, the owner should follow the established procedures:
1. Develop a regulation on the protection of commercial confidentiality, which should list the information related to commercial confidentiality.
2. Approve the regulation on commercial confidentiality and put it into effect.
3. Approve the list of persons who can use this information, such as administrators and other staff members if necessary.
4. Approve the procedure for using this information.
5. Register in an employment contract or in an additional agreement to it the liability to comply with the provisions on commercial confidentiality and the liability for non-compliance.
6. Make all employees sign a document stating that they have read and agreed with such policies.
The nature and amount of information constituting commercial confidentiality is determined by the owner of the information. They also ensure the protection of its confidentiality.
If you suspect that your client database has been stolen, there are several steps you can take to address the situation.
First, contact Altegio and request that they download server logs for you to determine which staff member may have stolen the database. Next, contact the suspected employee and request that they return or delete the database. If they deny any wrongdoing, inform them that you have evidence of theft and that you may take legal action. Finally, if necessary, you can go to court and provide the web server logs as evidence. It's important to take swift and decisive action to protect your company's data and reputation.