Many business owners know about situations when former employees stole client database before leaving the company. Such former staff can sell it to a future employer or use it for personal gain.
Information Security Measures in Altegio
1. Create a separate user account for each user. Altegio has a built-in logging function that allows you to track the actions of each user.
2. Close access to client phone numbers in the client base. Disable downloading your company's client database as an Excel spreadsheet. To do this, uncheck the boxes in the user access rights settings. You can do this in the Settings — System settings — Users section — User’s name — Access rights tab — Client Database section. You can find detailed instructions in this article.
After these settings, the user will see XX characters instead of phone number digits.
3. Don’t grant the user access to delete or edit client bookings in the Appointment Calendar. Detailed instructions can be found in this article.
4. Log in as users you set access rights for to check if you’re satisfied with the settings you’ve made.
More information about setting access rights can be found in this article.
5. You’ll see which user requested what data and when in the Overview — Data log section. Here you can also receive the downloaded file if you have access rights to this section (you’ll find a list with sections from which you can download files in this article).
Besides the Altegio settings, the safety of your client base is ensured by law.
Legal aspects of data protection
The client base can be classified as confidential information, which constitutes a commercial secret of the company, and its use for personal purposes without the consent of the owner of this information is prosecuted by law.
Certain conditions must be met for this information to be considered confidential.
Signs of commercial confidentiality:
- The information should be commercially valuable and should not be widely known.
- Lack of legally granted access. There are ways when access is provided voluntarily (licensing, franchising, etc.)
- Certain measures are placed to protect the confidentiality of information.
To obtain the status of commercial confidentiality its owner should follow the established procedures:
- To develop a regulation on the protection of commercial confidentiality, in which you list information related to commercial confidentiality.
- To approve by order and put into effect the regulation on commercial confidentiality.
- To approve the list of persons who can use this information (e.g., administrators, and if necessary, other staff members).
- To approve the procedure for using this information.
- To register in an employment contract or in an additional agreement to it the liability to comply with the provisions on commercial confidentiality and liability for non-compliance.
- Make all employees sign a document stating that they have read and agreed with such policies.
The nature and amount of information constituting commercial confidentiality is determined by the owner of the information. They also ensure the protection of its confidentiality.
What to do if you suspect that the client database has already been stolen?
- Contact Altegio with a request to download server logs for you. This way you’ll find out which staff member stole the database.
- Contact said employee and ask them either to return or to delete the client database.
- If the employee denies such actions, inform them that you have evidence of theft and intend to go to court with it.
- Go to court and provide web server logs.