Removing hidden and personal data when checking documents, presentations or books. New Document Inspector features for Excel, PowerPoint and Word

There is no doubt that secret, confidential information needs to be protected. Throughout its existence, humanity has invented various ways, which could prevent or at least significantly complicate access to this information, as well as encryption systems. In the 20th century, new digital technologies for accumulating, storing and transmitting information appeared. Computer systems have made it possible to type, edit, check spelling and spelling, convert and transmit information into in electronic format, understandable to almost all computers. From this moment on, the problems of confidentiality and protection of personal information have become especially relevant. Hackers, industrial spies, competitors and other ill-wishers are constantly developing new ways to gain access to the information of individuals and companies.

Most software products on the market today store information called metadata in the same files that the user interacts with and exchanges, and which is used by the user to maintain file editing history and to aid in searching and retrieving information from files. Typical examples of metadata are the name and surname of its author, company information, computer name, version support of the document, various hidden information, etc., stored with the document. This metadata is also used to universalize the procedure for storing all information about a file in one predefined location.

At the same time, most of this confidential information is stored as if by default, sometimes in a way unknown to the user and in a place and form unknown to him. It's no secret that even seemingly harmless settings in software products may store information that will alert a persistent user to the owner of the product or his company. An example would be the Word text editor from Microsoft or any other software application that works with electronic documents and allowing you to save different versions of a document in the same file using different modes. Let's consider a simple but very typical case. Let's say our reader, being the head of the marketing department, spent several weeks working with his team to create a document describing the characteristics of the latest development. At the same time, it was planned to send this document to the sales department to start a new marketing campaign. At the last minute, a decision was made to remove several characteristics from the product description for the purpose of additional verification and clarification. However, it was known that these characteristics would definitely be included in the final version of the marketing document for this product. Without taking into account the fact that versioning support is activated for this document and that every change, including new version with the characteristics removed will be saved in a file, this document has received the widest distribution. Let's say that after sending a letter with the specified file to the sales department, it went to a competitor. The latter, having viewed various versions of the document, will be able to easily assess your current level and expected results, as well as timely convey information to its developers. In addition, the document properties may contain the name and email address of the author of the document, so it will be considered that he voluntarily provided the document for use by competitors.

How to organize the protection of private information and protect it from unwanted access? We will try to answer this question in this article. We'll also look at places in a document where metadata can be stored, and describe ways in which this data can be removed, thereby protecting the document. Before getting down to business, we note that the test object in this article is the English versions of the well-known and popular text editor Microsoft Word - Word 2000 and Word 2002 - included in the Microsoft Office package. It should be emphasized that, despite the commonality and continuity of these versions of this editor, they still have some differences in their functionality. This is the first thing worth paying attention to for readers who will immediately sit down at their personal computer.

How to access personal information

Let's start with the simplest thing - we'll show you how to get to personal information without any special tricks. This is done using a single feature in Microsoft Word that allows you to view text without formatting it. It turns out that this feature can be used to view metadata associated with a specific document. Anyone can access this data. To do this you need:

1. Launch Microsoft Word editor.
2. In the main menu item File, click Open.
3. In the dialog that appears, in the Files of type section, set Recover Text from Any File, select a Microsoft Word document and click the Open button.

This will open an unformatted document, a careful viewing of which allows you to easily find information containing the name of the author of the document and the path where you can find the saved document.

Considering all of the above, we recommend that before sharing a document with other users, review hidden information in order to decide whether it is worth leaving it in this document for public viewing. For example, by selecting Track Changes from the main Tools menu in Microsoft Word, followed by Versions from the Files menu, or by selecting Allow Fast Saves using the checkbox in the Options submenu of the Tools menu, you can track any hidden or deleted information that could potentially remain in the edited document.

As you can see, accessing personal information is quite simple. Naturally, a reasonable question arises about what methods exist to protect confidential information from prying eyes. Below, readers will be presented with several of the most common techniques.

Removing personal data from documents

The current version of the Word editor provides the user with the widest possibilities for working with personal data, starting from manual and ending with a programmable method of deleting information. Due to the fact that in this article we do not touch upon the issues of writing specialized programs, we will focus on the simplest methods that are accessible to a wide range of readers.

First of all, you need to make sure that some personal information was deleted when saving the document. To do this you need to do the following:

1. In the main Word menu, select Tools, and in it the Options submenu. In the dialog that appears, open the Security tab.
2. In the Privacy options section, activate the Remove personal information from this file on save checkbox and press the OK button.
3. Save the document.

In this case, for example, the following personal information is removed from the document:

• file properties: author, manager, company and name of the person who saved the latest version of the document;
• usernames associated with comments and track changes;
• the name Saved by is replaced by Author;
• the header of the e-mail message, which is generated by the E-mail button on the toolbar.

It should be emphasized that this operation is not installed by default in the Word editor. And even if such a flag is set, it will only apply to the currently activated document window. Therefore, this mode must be set for each document separately.

Another method that deserves attention is the manual method of deleting personal information. Document properties (within the file structure) store information about the document itself: the document file name, its storage location, creation date and other file attributes. However, document properties can also store other metadata, such as the author's name, company name, and document editor. You can manually remove this information from the document properties using the following sequence of actions:

1. Open the document in the Word editor.
2. In the File main menu section, select Properties.
3. In the multi-page dialog that appears, each tab Summary, Statistics, Contents and Custom may contain confidential information. To remove unnecessary or unwanted information, you must select it and delete it using the DELETE key.

Of course, the above procedures can be automated and programmed, making this process quick and convenient. However, a description of the principles of programming in Word is beyond the scope of this article and we refer the reader to specialized literature.

Where is the information hidden?

The basic rule that guides practical people is: “Measure twice, cut once.” This vital principle can be successfully applied to working with documents. Should you always rush to part with personal information? Where is hidden information stored? What ways are there to view hidden information? These questions will be answered in this section.

Hidden information can be found in the track changes functions and comment functions, which are mostly service functions for the Microsoft Word editor. They allow you to save intermediate information about formatting, text insertions, deletions, comments, etc., in other words, they can be actively used in the process of working on a document by one or more authors. In this case, by selecting the playback mode for all service functions, you can see all the changes made with the names of the authors. This is done using the Show menu item.

It should be borne in mind that when working on any document, it is advisable to adhere to two simple rules. The first rule is that before deleting any information, it is a good idea to print out the edited document along with the comments. Thus, at any time it will be possible to add this information to a new version of the document. In order to visualize changes or comments, you need to select Markup in the main View menu.

The second rule mainly concerns those who forget to monitor the presence of supporting information in the document they are sending or transmitting. For such users, an automatic analyzer for the presence of the track changes mode is provided, which will issue a warning about the presence of editing information in the document when they try to print it, save it, or send it via email. e-mail from the Word editor. To enable this mode, in the Tools main menu section in the Options dialog box, you need to select the Security tab and use the checkbox to set the Warn before printing, saving, or sending a file that contains tracked changes or comments mode (Fig. 1). So, the meaning of the second rule: always keep the track changes analyzer turned on.

The second place where confidential information can be stored is the hidden text mode of Microsoft Word. This mode allows you to show or hide specified text using a special character formatting procedure that makes them invisible. For example, while editing text in hidden text mode (hidden text is special non-displayed characters in a document file), you can make some notes for yourself. To view hidden text, in the Tools main menu section, select the Options item, and in the View tab, select the Hidden text mode in the Formatting marks section (Fig. 2).

This causes Word to mark the hidden text with a dotted underline. Unfortunately, the editor developers did not provide an automatic analyzer for hidden text in the document. However, there is a very simple procedure for removing it from the body of the document when printing. To do this, select the Options item in the Tools main menu section, then the Print tab and activate the Hidden text checkbox in the Include with document area section. In all other cases, you will have to delete the text manually.

A third source of unwanted information leakage may be undeleted previous versions of a document. The Word editor provides the ability to save multiple versions of a document in the same file. These versions are present in the file as hidden text and can be removed as needed. They are available to all users, and remain in the document, even if it is saved in a different format. Therefore, such versions should be removed in a timely manner, for which there are several ways.

The first method involves saving previous versions of the document. In this case, the current version is saved as a separate document. To do this, select Versions in the main File menu. Then select the version of the document that you want to save as a separate file. Next, press the Open key and select Save As in the main File menu. In the dialog that appears, set the file name and press the Save button.

The second method is to remove unwanted versions from the document, which will require the following steps. In the main File menu, select the Versions item, then select the version of the document that you want to delete (to select more than one version, you must hold down the Ctrl key). Next you need to click the Delete button.

Silent keepers of hidden information

Many readers may not realize that some procedures in Word save metadata by default. And they certainly don’t realize that blocking these procedures makes it possible to remove unwanted metadata from documents. Let's talk about this in more detail.

First, let's look at a method for quickly saving a document. Note that it works if the Allow fast saves checkbox is checked. However, not everyone knows that if you open a document that was edited in this mode as a text file, it may contain information that was previously removed from the document. This happens because Quick Save mode appends your changes to the end of the document, without taking into account any changes (including deleted information) made to the document itself. Therefore, to completely remove information erased from a document, you must disable the quick save mode. To do this, in the main menu of Word you need to select Tools, then the Options section and the Save dialog (Fig. 3).

Secondly, let's look at the procedure for merging documents. When comparing and combining Word documents uses randomly generated numbers to make it easier to track relevant documents in the future. Although these numbers are hidden, they can potentially be used to demonstrate that documents have a common source. To stop storing random numbers during the document merging process, you must do the following:

1. In the Tools menu, run the Options command. In the multi-page dialog that appears, select the Security dialog.
2. Disable the Store random number to improve merge accuracy checkbox.

However, it should be noted that you will have to pay for confidentiality - the result of merging documents will not be optimal: it will be problematic for the Word editor to determine the number of related documents.

Knowledge is power

Everyone who reads this article will certainly form their own opinion about the problem of information security on personal computer and everyone will be free to make their own decision. You can follow these rules and not save information, but you can lose it if you don’t make any efforts. The article examined the most simple ways preventing information leaks. In addition, as noted above, there are a number of programs to solve many of the above-mentioned problems, which will undoubtedly significantly simplify the procedure for checking the content of unwanted data in documents. However, this is a topic for another article. In conclusion, I would like to note that by protecting personal information, you can not only protect your business, knowledge and experience, but also give a decisive rebuff to dishonest people.

ComputerPress 10"2002

The easiest way to catch the tail of a careless employee or student who has outsourced his report or coursework is to look at the author or co-authors of the document. This information is stored along with other file metadata and can later be viewed by anyone. The matter becomes especially sensitive if the real perpetrator turns out to be a person familiar to the inspector: an employee of the same company or a student from the same stream. Of course, a multi-story lie will find a way out of the situation, but it’s as if it won’t come to light later. Notice the associated document users in the bottom right corner

It’s a banal example, of course, but that’s where people usually get pierced.

What information can be leaked?

The official Microsoft help explains what could pose a potential threat to your reputation. I'll give a summary of it here:

• Traces of the presence of other users, as well as indications of the edits they made and the comments they added if you co-authored the document.
• Discolored information contained in the header, footer, and watermark.
• Hidden Word text, invisible PowerPoint objects, hidden Excel rows, columns and sheets.
• Content outside the PowerPoint slide area.
• Additional document properties and other metadata, such as printer path information or email headers.

Document inspector

"Document Inspector" is a convenient tool for checking files for unwanted information. It is convenient for both the sender and the recipient of the document. All you need to do is go to “Details” and run the check. A couple of clicks and five seconds will reveal all the ins and outs.

The executor just has to click on delete, and the inspector can examine the document based on the available evidence.

Prohibition of storing personal data

The Details tool allows you to view and change important document properties, thereby preparing it for collaboration, archiving or sending by email. The tool provides access to several commands that will be discussed in more detail later in the text of the book, but here we will only briefly describe their purpose.

Properties

The right side of the Details window. Each document, in addition to the content itself, carries a lot of information about who created it, what its topic is, and what category it can be classified into. In addition, the document includes keywords, characterizing the contents of the document, notes, etc. All this information helps automated document management systems or users organize, sort and search necessary documents. For this reason, I advise you not to be lazy and fill out the appropriate fields. The more intelligently you fill them out, the easier it will be to work with the document.

Prepare for public access

Document inspector- this command opens the Document Inspector window. Some personal information and information about your computer is inserted into the document automatically without you noticing. For example, the username under which you created the document is contained in the document regardless of whether you filled out the property fields or not. If you printed the document or even previewed it, the full path to the local or network printer is embedded in the document. If you inserted illustrations into the document, the path to them is also stored in the document. If you send a document to the mailing list a large number different people, you may not like the idea of ​​such information being made available without your knowledge. The Document Inspector searches for hidden data in a document, presents it to you, and allows you to delete it
them from the Excel workbook.

Check accessibility- allows you to evaluate how convenient it will be for users with disabilities to use these documents.

Compatibility check- the command checks whether the document can be opened in earlier versions of Excel without making changes.

Protect the book

This tool allows you to impose restrictions on the ability to change and edit the content and structure of the book.

Encrypt with password- the document is encrypted so that you can see its contents only after entering the password. When encrypting a book with a password, be very careful about the current letter case and keyboard layout, otherwise you risk losing access to your own book.

Limit permissions for users- this command is usually available only to the author of the document and users of the corporate network or Internet. It uses a user rights management server. This can be a free Microsoft server or a corporate server. Every time a user tries to open a document, a request is sent to the server and it returns properties for that user, in particular information about what he can see in the document he is opening and what should be hidden from him. When you try to run this command, you will be prompted to register with the Microsoft server. If you are interested in seeing how restrictions work, go through this procedure, register several users with different rights and test this command.

Add digital signature - this command adds an invisible code to the document, replacing the usual signature. Carefully read what the signature creation wizard writes to you. If you create a personal signature, then with its help only you personally and only on this computer can make sure that your document has not been replaced. If you want to create a signature that will be “recognized” by external organizations, you will have to use the services of special network services.

Mark as final- after executing this command, it will be impossible to make changes to the document.

Protect current sheet- using this tool you can specify which sheet elements can be changed by other users, and which are protected and cannot be changed.

Protect book structure- prohibits changing the structure of the book (adding or removing sheets).

Versions

Allows you to view and restore draft versions of unsaved files or delete draft versions that are no longer needed.

Documents and files created by different programs imperceptibly carry some information in properties. It can be personal data, which while they are on your computer, no one pays much attention to them. But if you decide to share this file with anyone via Internet or using a flash drive, it is advisable to check and delete unnecessary data from file properties.

What is this personal information, which may be present in file? All information in file properties can be considered personal. After all, this file was created on your computer, and you gave it a name file or provided additional information, such as comments. These can be: the author's name, the date the file was modified, tags and keywords. The name of the program that created the file, date of purchase, copyright and much more.

Most often, the user transfers to other persons files documents and images and deleting personal data in file properties in this case it will not be superfluous.

Select which ones data O file leave and which ones delete possible using Windows Explorer, in file properties. To do this, right-click on the selected file and select “Properties” in the context menu. In the properties window, go to the "Details" tab.

This is where all the hidden extras are located. data and depending on the type file here you can see a pretty decent list of various information about the document. Review the list and determine which data you would not want to share with anyone with this document.

By the way, information about file not only is it possible delete, but also add it directly in the properties window. But, however, not at all points. To edit available properties, click the button opposite the item in the “Value” section. A small editing field will appear.

If necessary removal not editable data, below the window properties Click "Delete properties and personal information."

A window will open with an editing form, where you need to select “Delete the following properties for this file.”

It is worth paying special attention to the safety of personal data, since since last year the legislator has tightened the liability for the employer for failure to comply with the obligation to protect it. In this article we will tell you what is considered personal data, what obligations are established for employers to protect it, and how to organize the correct recording and storage of personal data of employees.

Systematize or update your knowledge, gain practical skills and find answers to your questions on at the School of Accountancy. The courses are developed taking into account the professional standard “Accountant”.

An employer, when hiring an employee, must request from him certain information that is necessary within the framework of labor, tax and accounting legislation. Federal Law No. 152-FZ of July 27, 2006 “On Personal Data” requires the employer, who in this case is the operator of personal data and processes it, to ensure the security of this information.

What data is personal?

Personal data is any information directly or indirectly related to the subject of personal data - identified or determined to an individual(Article 3 Federal Law dated July 27, 2006 No. 152-FZ “On Personal Data”, hereinafter referred to as the Law on Personal Data).

General personal data includes the following information:

• Full Name;
• Date and place of birth;
• address (place of registration);
• education, profession;
• an image of a person (photo and video recording), which allows identification and is used for this purpose by the operator (Explanations of Roskomnadzor dated August 30, 2013 “On the issues of classifying photo and video images, fingerprint data and other information as biometric personal data and features of their processing ");
• Family status, presence of children, family ties;
• biography facts and previous work activity(place of work, criminal record, military service, work in elected positions, public service and etc.);
• financial position. Information about wages are also personal data (letter of Roskomnadzor dated 02/07/2014 No. 08KM-3681);
• business and other personal qualities that are evaluative in nature;
• other information that may identify a person.

In addition, the Personal Data Law mentions:

• special personal data (concerning race, nationality, political views, religious or philosophical beliefs, health status, intimate life). As a general rule, the processing of this data is not permitted. Exception - cases provided for in Part 2 of Article 10 of the Law on Personal Data;
• biometric personal data (characterize physiological and biological features person, on the basis of which his personality can be identified). To process such information, the consent of the subject of personal data is required. An exception is cases established by Part 2 of Art. 11 of the Law on Personal Data.

An employer has the right to receive and use only information that characterizes a citizen as a party to an employment contract (for example, information about a person’s social and property status is not relevant to his or her labor process). This information is contained in the following documents presented by the employee upon hiring:

• in a passport or other identity document;
• work book;
• documents on military registration, education, family composition;
• certificate of income from previous place of work;
• application form filled out during employment;
• employee’s personal card (form T-2);
• certificates of marriage, birth of a child;
• medical certificates and etc.

The employer keeps copies of the listed documents, with the exception of questionnaires, work books and personal cards.

Processing of personal data

Processing of personal data - any action (operation) or set of actions (operations) performed using automation tools or without the use of such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of data (Article 3 of the Law on Personal Data).

The Personal Data Law obliges the employer to comply with certain requirements for the processing of this data. For example, the processing of personal data is carried out only with the consent of the employee (Clause 1, Article 6, Article 9 of the Law on Personal Data). To avoid legal disputes, it is better if this consent is in writing. The same rule applies to applicants.

In some cases, a written form of consent is expressly provided for by law (Part 4 of Article 9 of the Law on Personal Data). For example, the employee’s written consent to the processing of his personal data is required:

1) upon receipt of the employee’s personal data from a third party (clause 3 of Article 86 of the Labor Code of the Russian Federation). But in this case, the employee must be notified of this in advance and his written consent must be obtained (clause 3 of Article 86 of the Labor Code of the Russian Federation).

The notification must indicate (clause 3 of Article 86 of the Labor Code of the Russian Federation):

• the purpose of obtaining the employee’s personal data from a third party;
• intended sources of information (persons from whom data will be requested);
• methods of obtaining data, their nature;
• possible consequences refusal to the employer to obtain personal data of the employee from a third party. If an employee refuses to familiarize himself with the notice of the intended receipt of his personal data from another person, it is advisable to draw up an appropriate act.

If the employee changes his mind, he has the right to withdraw consent to the processing of personal data at any time (Part 2 of Article 9 of the Law on Personal Data).

In such a situation, continued processing of the employee’s personal data without his consent is possible if there are compelling reasons. They are listed in paragraphs 2 - 11 of Part 1 of Article 6, Part 2 of Article 10, Part 2 of Article 11 of the Law on Personal Data (Part 2 of Article 9 of the Law on Personal Data).

The employer does not have the right to request certain information (which is not related to the purposes listed in paragraph 1 of Article 86 of the Labor Code of the Russian Federation) from third parties, even if the employee agrees.

2) when transferring the employee’s personal data to third parties, except in cases where this is necessary to prevent a threat to the life and health of the employee (paragraph 2 of Article 88 of the Labor Code of the Russian Federation);

3) for processing special categories of employee personal data directly related to issues of labor relations (clause 4 of article 86 of the Labor Code of the Russian Federation, clause 1 of part 2 of article 10 of the Law on Personal Data). This data includes information about race, nationality, political views, religious and philosophical beliefs, health, and intimate life.

If an employee is incapacitated, written consent to the processing of his data is given by his legal representative (parent, guardian) (Part 6 of Article 9 of the Law on Personal Data). And in the event of the death of an employee, such consent is issued by his heirs, unless it was received from the employee himself during his lifetime (Part 7, Article 9 of the Law on Personal Data).

Not in all cases the employee’s consent to the processing of personal data is required. For example, if the data is received (clause 2, part 1, article 6, clause 2.3, part 2, article 10 of the Law on Personal Data, paragraph 1 of the Explanations of Roskomnadzor):

1. from documents (information) presented when concluding an employment contract;
2. based on the results of a mandatory preliminary medical examination on the state of health (Article 69 of the Labor Code of the Russian Federation, clause 3 of the Explanations of Roskomnadzor dated December 14, 2012 “Issues relating to the processing of personal data of employees, applicants for vacant positions, as well as persons in the personnel reserve” , hereinafter - Explanations of Roskomnadzor dated December 14, 2012);
3. to the extent provided for by the unified form No. T-2, including personal data of close relatives, and in other cases established by the legislation of the Russian Federation (receiving alimony, obtaining access to state secrets, issuing social benefits) (clause 2 of the Explanations of Roskomnadzor dated 14.12. 2012);
4. from a recruitment agency acting on behalf of the applicant (paragraph 12, paragraph 5 of the Explanations of Roskomnadzor dated December 14, 2012);
5. from an applicant who himself posted his resume on the Internet, making it available to an unlimited circle of people (clause 10, part 1, article 6 of the Federal Law of July 27, 2006 No. 152-FZ, paragraph 12, clause 5 of the Explanations of Roskomnadzor of December 14, 2012 ).

The employer, with the consent of the employee, can entrust the processing of his personal data to another person (part 3 of article 6 of the Law on Personal Data, paragraph 2 of paragraph 5 of the Explanations of Roskomnadzor dated December 14, 2012). But at the same time, it is the employer who is responsible to the employee for the actions of the specified person (Part 5 of Article 6 of the Law on Personal Data).

At Kontur.School: changes in legislation, features of accounting and tax accounting, reporting, salaries and personnel, cash transactions.

Organization of accounting and storage of personal data

The employer must ensure the protection of the employee’s personal data from unlawful use or loss at its own expense (Clause 7, Article 86 of the Labor Code of the Russian Federation).

Let's look step by step at the employer's steps to record and store personal data in the organization.

Step 1. The employer must issue a local act that will regulate the storage and use of personal data. Such an act is usually the Regulation on Personal Data of Employees, with which employees must be familiarized with their signature (clause 8 of Article 86 of the Labor Code of the Russian Federation). The employee must familiarize himself with the Regulations on Personal Data, as well as other local regulations, before signing an employment contract (Article 68 of the Labor Code of the Russian Federation). It is impossible to familiarize an employee with a document by sending it by e-mail; this will not be considered familiarization with a signature. In the absence of the employee's signature, the employer will not be able to prove that the employee was familiar with this document.

Statement on personal data, like any other local normative act, is issued and approved by order, which is signed by the head of the organization or another authorized person.

In the event of an inspection of an organization, the inspection authorities may request this document and check whether employees are familiar with it. The absence of such a document or failure of employees to familiarize themselves with it may be grounds for holding the employer liable in accordance with Part 1 of Article 5.27 of the Code of Administrative Offenses of the Russian Federation, and if a similar violation is committed again - under Part 2 of Article 5.27 of the Code of Administrative Offenses of the Russian Federation. This conclusion is also confirmed judicial practice(Resolution of the Federal Antimonopoly Service of the Moscow District dated October 26, 2006 No. KA-A40/10220-06 No. A40-20745/06-148-194).

Step 2. The employer approves a document containing a list of personal data that is used in the organization’s activities. This document includes all the information that the employee provides in writing about himself when applying for a job, as well as that used in the future when preparing personnel documentation.

In addition, the list must contain documents containing information about employees that the organization submits to various government bodies (tax and labor inspectorates, statistical authorities).

Step 3. The employer must, by order, appoint those responsible for working with personal data and those responsible for ensuring the security of personal data. This responsibility can be either a specific person or a department. In the latter case, the head of such a unit bears personal responsibility. This order must be brought to the attention of all employees specified in it, which must be confirmed by their signature.

Step 4. In case of an inspection, in order to avoid disputes with inspectors, it is better to prepare the following documents:

• statements from employees regarding consent to the processing of personal data;
• logs of personal data, their issuance and transfer to other persons and representatives of various organizations, government bodies;
• log of checks for the availability of documents containing the employee’s personal data.

Step 5. By order of the head of the organization, establish a list of storage places for documentation that is a carrier of personal data of employees, as well as a list of measures necessary to ensure the safety of personal data, the procedure for their adoption. All documents containing personal data of employees, such as personal files, file cabinets, accounting journals, should be stored in specially equipped cabinets or safes that are locked and sealed. Work records of employees should be kept in a safe separately from personal files.

Let's sum it up

• whether consent to the processing of personal data has been obtained from all employees;
• are employees familiar with local regulations establishing the procedure for processing such data, and with their rights and responsibilities in this area;
• whether personal data is properly stored and protected;
• does the documentation on their processing comply with legal requirements, etc.