
Sample – Information Lifecycle

February 7, 2012

1. Authorization
2. Delivery
3. Usage
4. Storage
5. Destruction

Authorization: Research indicates access to confidential documents is mostly granted without data owners’ prior approval. Sometimes, this is due to undefined owners. IT organizations should ensure data owners are identified and their authorization is sought prior to granting access or distributing “confidential” documents outside the organization. This will ensure data owners are aware of the need, benefits, and risks of giving access to third parties.

Delivery: Research shows confidential document delivery is performed on an ad hoc basis, favoring convenience over security. IT organizations should establish distribution policies (e.g., by secure mail, by hand, by encrypted e-mail). Recipients should be made aware of the document delivery medium and be requested to acknowledge receipt.

Usage: Upon document delivery, the conditions of use should be stated to recipients (e.g., the document cannot be distributed or shared with third parties without the owner’s prior authorization). The implications of not adhering to the conditions of use should also be clearly declared.

Storage: Recipients must be made aware of the best practices for storing confidential documents (e.g., they cannot be stored on laptops or publicly available PCs).

Destruction: Conditions of use should emphasize the exigent need for destroying the document once the need for access is fulfilled. Given this, recipients should be requested to return the document to the sender or destroy it in accordance with supplied guidelines. The ramifications of not doing so should also be affirmed.

www.bestitdocuments.com