Information & Technology Department.

Data Protection Policy

TABLE OF CONTENTS
5. DATA CLASSIFICATION
5.1................................................................CONFIDENTIAL DATA
5.2.........................................................OFFICIAL BUSINESS DATA
5.3........................................UNRESTRICTED COMMON SHARED DATA
5.4........................................................... PERSONAL DATA FOLDER
6. STATEMENT OF POLICY
B. DATA SAFEGUARDS.

6.1........................................................................DATA FOLDER
6.1.1. DATA FOLDER;
6.1.2.SERVER (SHARED) FOLDERS;
6.1.3.DEPARTMENTAL (SHARED) FOLDERS;
6.1.4.COMMON FOLDER;
7. BEST PRACTICE GUIDELINES
7.1................................................NETWORK STORAGE GUIDELINES:

This policy covers Protection of data that is owned or acquired by the ABPT and specific
roles and functions for individuals that govern the data

Also, this policy primarily

addresses to the Integrity, management, transmission, use, availability and security of

the ABPT data.

2. Purpose
The purpose of this policy and guidelines document is to improve the integrity,
management, storage, transmission, usage and security of the ABPT Business data. It
also provides instructions and safeguards for managing data by adopting an Data
Protection policy based

on

assigned

data classification and the

level

of

data

privacy, confidentiality, unauthorized access and Inappropriate use of data.

This policy governs the privacy, security, and integrity of ABPT data, especially
confidential data, and the responsibilities of ABPT Departments and Employees to
guard against unauthorized or unlawful processing of Business data.
Version

1.0

Issue Date

November 18, 2013

File Name:

Laptop

Information & Technology Department.

Data Protection Policy

This Policy and Guideline is applicable to all users of the ABPT Co. Ltd, Who uses
centralized network file storage, Business shared Data over the ABPT
Network.

All ABPT data are classified into three levels of sensitivity, Confidential, Official
Business, and Unrestricted. Once data has been classified, appropriate ate safeguards
are implemented to protect data from theft, loss, and/or unauthorized disclosure, use,
access, and/or destruction.
Confidential Data: Confidential data are considered the most sensitive and require
the highest level of protection. Confidential data includes data that the ABPT must
keep private under Companys Rules and Regulation, contractual arrangements, or
based on its proprietary worth. Confidential data may be disclosed to individuals on a
strict need-to-know basis only.
Official Business Data:

Official Business data is generally private to the ABPT.

Access is limited to Department and it is not generally available to any other

Department or external users.
Unrestricted Common Shared Data:

Unrestricted Data has no legal or other

restrictions on access or usage and may be open to the users

A.

General
1. General.

All

members

of

the

ABPT

have

responsibility

to

protect

the

confidentiality, integrity, and availability of data generated, accessed, modified,

transmitted, stored, or used by the ABPT, irrespective of the medium on which
the data reside and regardless of format (such as in electronic, paper, or other
physical form).
2. All Users of the ABPT Co have a responsibility to protect the confidentiality,
integrity, and availability of data generated, accessed, modified, transmitted, stored,
or used by the ABPT Co, irrespective of the medium on which the data
reside

and

regardless

of format (such as in electronic, paper, or other physical

form).
Version

1.0

Issue Date

November 18, 2013

File Name:

Laptop

Information & Technology Department.

Data Protection Policy

3. Any Electronic data used in an ABPT system must be kept confidential and secure by
the user. The fact that the data may be stored electronically does not change the
requirement to keep the information confidential and secure
4. As defined by the Data Access Policy, sensitive data is information that is considered
confidential and should be guarded from disclosure; disclosure of the information
may contribute to financial fraud or can use for competitor / personal gain.
5. All

departments

must

carefully

assess

the

risk

of

unauthorized

alteration,

unauthorized disclosure or loss of the data for which they are responsible.
6. Users must respect ABPT data confidentiality and others privacy. And are responsible
for upholding the confidentiality, integrity and safeguarding of data to which they
have access.
7. In receiving access to privileged or sensitive data, authorized users accept
responsibility to protect the information accessed and used on their computer.
8. Attempts to gain unauthorized access to private information will be treated as
violations of privacy, even if the information is publicly available through authorized
means.

9. External Hard Drives/USB Drive: special access should be required to copy business data on
External hard drives including USB drives any Information or Business Data obtained through
special privileges is to be treated as confidential.

Note:
Access to copy Business Data on External Hard Drives/USB Drive is restricted however users
can access data from External Hard Drives/USB Drive which required Special access
permission.
B.

DATA SAFEGUARDS.
Departments must classify data into the appropriate category. ABPT Data are assets
belonging to the ABPT Co and should be classified according to the risks associated
with the data being stored or processed. Confidential Data are considered the most
sensitive and require the highest level of protection to prevent unauthorized
disclosure or use. Data which are not confidential may be given proportionately less
protection.

Version

1.0

Issue Date

November 18, 2013

File Name:

Laptop

Information & Technology Department.

Data Protection Policy

This policy provides examples of safeguards. However, departments may implement
procedures more restrictive than the ones identified in this policy.

1. General Safeguards for All Data

a) Data must be protected in accordance with the security controls specified for the
classification level that it is assigned.
b) Destruction of data (electronic or physical) or systems storing data must be done
in accordance with the ABPT Disposal Policy.
c) Before systems or media are reused they should be Backup & erased according to
ABPT guidelines to ensure no residual data.

2. Safeguards for Confidential Data

a) Must be protected to prevent loss, theft, and/or unauthorized access,
disclosure, modification, and/or destruction.
b) When stored in an electronic format must be protected with strong passwords
and stored on servers that have protection and encryption measures.
c) May only be disclosed on a strict need-to-know basis and consistent with
applicable ABPT policies.
d) Must not be posted on any website unless secured authentication methods are
used.

3. Safeguards for Official Business Data

a) Must be protected to prevent loss, theft, and/or unauthorized access,
disclosure, modification, and/or destruction.
b) May only be disclosed to members of the ABPT Department who have a
legitimate purpose for accessing such data.
c) Must not be posted on any public website unless secured authentication
methods are used.

4. Safeguards for Unrestricted Common Data

Unrestricted common data are available to all users of the ABPT Co. While the
requirements for protection of Unrestricted Data are less restrictive than for Official
Business Data, protection considerations should be applied to maintain data integrity
and prevent unauthorized modification of such data. Safeguards for Unrestricted
Data may include:
Version

1.0

Issue Date

November 18, 2013

File Name:

Laptop

Information & Technology Department.

Data Protection Policy

7. Best Practice Guidelines

A. User Data Guidelines

7.A.1. Helpdesk can never guarantee data recovery but can try best effort to do so.

B.

Network Storage Guidelines

7.B.1. If individual or departmental needs arise for storage for legitimate business needs,
your designated IT Support should be contacted to assist with the request.

7.B.2.

Version

1.0

Issue Date

November 18, 2013

File Name:

Laptop