General idea: Handle Remote data as if it was your most sensitive finantial or personal information. You shouldn't share it with everyone and, if you share it, you should know why they need it and what they will do with it.
All Remoters are obliged to know, periodically accept and follow the Information Security Policies (here).
Data Classification Policy
Remote has a Data Classification and Handling policy to provide the guidelines for classification Remote’s and Personal data. It also includes Data Owners and pre-classified information. Full policy here.
<aside>
💡
More information on those can be found in the following pages:
‣
‣
</aside>
Slack, Notion, Hubspot
- Don't share PII (Personally Identifiable Information) like ID (identity document) numbers, CC (credit cards), customer, employee, candidate personal data, etc. directly in these tools (read Information handling for guidelines to do it).
- Use the employee's URL or Employee ID found in Employ in all public places.
- Don't share restricted files directly. We should upload the files to GDrive, restrict access to that file/folder to the people who need it, and share the link in our internal tools.
- Do not share Notion documents directly to the public. If you need to collaborate with external users (vendors, customers, partners, etc), contact
#it-help who can set up a Teamspace for this purpose.
- Do not install Slack bots, tools, or any other add-ons for whatever purpose - they have access to our data and may lead to a security breach for which Remote will be entirely liable.
- Do not expose/leave our tools open if in a public space.
- Lock the computer when you need to leave it unsupervised(Command+Control+Q can be used as quick shortcut on Mac).
<aside>
💡
More information on those can be found in the following policies:
</aside>
Information handling
- If you have to share files containing restricted information (such as PII) don’t do it over Email, Slack, or other tools please upload it to GDrive, grant the recipient the proper rights (view/edit), and share the link with them. USE DRIVE LABELS!
- For new hires joining Remote, a lot can happen before their start date. We don't want to reveal their identity until approx. one week before their start date to enable their onboarding. Until one week before their start date, use only their first name and first letter of last name at most when referring to the new hire in a public place (Asana, Slack, Notion). Use Greenhouse and Employ links for all other PII data.
- Never send or forward e-mails with PII to personal e-mail accounts.
- Don't transfer data to external drives or use hard copies.
- Be aware of what you disclose when you share your screen.