These guidelines apply to any paper documents containing personal data.
They supplement the corresponding administrative procedure Handling Paper Documents by providing practical hint and tips.

• What are the vulnerabilities associated with paper documents?

1. Paper documents can be read, photocopied, photographed, shared accidently, mishandled, damaged, removed or destroyed, lost or stolen;

2. Paper documents containing personal information may be duplicated (several copies) as a backup just in case the original is lost or misplaced. Unsecured copies of personal information may be scattered all over the place and not disposed of properly, which could lead to data breaches.

• Can you locate all documents containing personal data of a data subject when he/she requests for data deletion, access or correction?

It might be difficult identifying which documents exist and/or if several copies of the documents exist. The risk is if one cannot physically find this information then it becomes very difficult to comply with data protection duties.

• Avoid printing unless it is necessary; Go paper-less and give preference to existing digital documents as much as possible;

• Avoid duplicating documents (paper form and digital format).

• Can you manage the retention period defined by the Controlling Service?

It might be difficult to ensure that all documents are deleted and at the right time.

• Destroy as much as possible when legitimate (consult the appropriate privacy notices) and in accordance with the procedures in place, namely Destruction of paper and devices containing personal data and Clean-up of Departmental Working files to eliminate unnecessary paper documents.

• Can you guarantee paper documents’ security?

Unauthorized persons may accidentally access paper documents containing personal data on your desk or at home.

Off-site transportation of paper documents containing personal data can represent a risk as paper documents might be left inadvertently on a train or a car for them to end up in the wrong hands (being stolen).

Personal information contained in the paper documents may be used to adversely affect individuals.

• You must limit the physical access of unauthorized persons to paper documents containing personal data;

• You are recommended to clearly label the paper documents which contain personal data by marking them (e.g. in the header, with a watermark, etc.), to encourage cautious behaviour among individuals with access to documents.

• What should you keep in mind when printing or photocopying documents containing personal data?

• Retrieve printed documents containing personal data immediately after they have been printed or, where possible, carry out secure printing (PIN code on printer);

• Print or copy only what is really necessary;

• Ensure printing on the appropriate printer;

• Prevent sensitive data from being printed or copied, on purpose or inadvertently, by those who may or may not have access to it.

• You need to send a paper document containing (sensitive) personal data to a colleague, what should you do?

General remark: This practice should be avoided as much as possible.

• It is recommended to verify with the Controlling Service concerned if a paper version of a document is really needed or not. If not, preference should be given to an electronic version that can be shared via a secured platform recommended by the Organization (such as CERNBox);

• If the Controlling Service requires the paper format of the document, then you should deliver the document in person and not leave it in an opened mailbox outside an office. This security measure is crucial if sensitive personal data are concerned.

• What safeguards shall be in place in your office?

You must ensure:

• You have locked your office when you are not in there;

• You have a filing cabinet with a lock in your office. In case of absence, you should ensure that somebody else has the cabinet’s key;

• That only authorised people have access to the offices where many personal data are stored (e.g. DAO Office, secretariats, etc.) and to the Departments’ archives. People who have this access should be known of course but should also have a good reason to consult the archives.

Furthermore, people entering an office of a colleague should respect at any time the CERN Code of Conduct with regard to confidentiality of information.

Personal notes and comments on notebooks, notepads and sticky notes for example, may include your own personal data and/or those of other persons. You should carry these items securely at all times.

• What should you do when taking paper documents off-site?

• The documents must be transported in a secure way and should be kept with you at all times;

• When documents are transported within a vehicle, they should not be visible to the public. You should lock them in the boot of the vehicle and not leave them in the car overnight;

• You must ensure that the information is not easily accessible by any other members of the household (including family, friends, and neighbours) or at the hotel or in the plane, even if these people are CERN colleagues, unless their access to the paper document is legitimate;

• Avoid making additional copies of the documents;

• If you need to dispose of paper documents while being off-site, make sure that you destroy them properly (e.g. shredding). If you are not equipped for doing so, bring the documents back to CERN to shred them.

• How can I protect my own personal data?

It is our individual responsibility to ensure that we protect our own data in the workplace. Below you will find a list of good practice to adopt to better protect your personal data:

• Avoid leaving your personal documents which could just as easily contain sensitive information lying around printers and in mail trays;

• Put your personal documents in a secure location in your office;

• If you need to send sensitive personal data to an external entity, preference should be given to an electronic format, double envelopes usage or to bringing personally the document whenever possible. For UNIQA reimbursement claims for example, you can use the dedicated web platform myUNIQA or bring your blue envelope personally at the UNIQA office of CERN (mail box or desk);

• Double envelopes should be used if appropriate, since a risk of being opened by an unauthorized third party exists. Indeed, it may happen that an organisation uses an automatic letters’ opener and even an extractor. In that context, putting your personal document within two envelopes increases its security.