Data Storage and Security Issues in Attendance Systems

Many companies now have their own attendance systems: some use fingerprint readers, some use traditional punch-card clocks, and some use the latest facial recognition systems. Whichever type of attendance system is used, and especially the last of these, the storage and security of the system's data is a major concern. On this topic, the author attempts to explore how to handle it from three angles.

Network Security

To record employees' attendance successfully, the system must have corresponding software that keeps the records, and that software holds employees' personal data, including names, recent photos, staff card numbers and biometric records. This data is stored on an on-premises or cloud server. The server must be connected to the door-access sensors and made available over the internet to a restricted set of people.

As soon as the internet is involved, there are network security issues. External network security can be enforced by having the router that connects the server perform IP address and network port filtering, strictly controlling inbound traffic.

System Security

Beyond network security there is system security. On the system side, antivirus software must be installed to ensure the system is not affected by viruses, and system software patches must be applied regularly to keep the system secure. In addition, the system must restrict staff logins, allowing only authorized staff to log in, to keep the system secure.

Data Security

To ensure data security, in addition to restricting which staff may use the system, regular backups are also needed. A backup can store the data in encrypted form on another computer or storage device, so that even if the system is destroyed by human action or natural disaster, a backup remains. As for why encryption is used: it is to prevent theft by third parties, since encrypted data requires the private key to decrypt.
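As an added illustration of the encrypted-backup point above (example code, not from the original post), the following POSIX shell script encrypts a backup with a one-time AES key and wraps that key with an RSA public key, so only the holder of the private key can restore it. It assumes the openssl CLI is installed; the file names and the attendance record are constructed for the example.

```shell
#!/bin/sh
# Hybrid-encrypted backup of an attendance database (added example).
# A fresh random key encrypts the archive with AES-256; that key is then
# wrapped with the backup owner's RSA public key, so only the holder of
# the matching private key can restore. Assumes the openssl CLI is present.
set -eu

make_backup() {
    # $1 plaintext file, $2 RSA public key (PEM), $3 output prefix
    src="$1"; pub="$2"; out="$3"
    openssl rand -hex 32 > "$out.key"        # one-time data-encryption key
    openssl enc -aes-256-cbc -pbkdf2 -salt -in "$src" -out "$out.enc" \
        -pass file:"$out.key"
    openssl pkeyutl -encrypt -pubin -inkey "$pub" -pkeyopt rsa_padding_mode:oaep \
        -in "$out.key" -out "$out.key.enc"
    rm -f "$out.key"                         # only the wrapped key is stored
}

restore_backup() {
    # $1 output prefix, $2 RSA private key (PEM), $3 restored file
    out="$1"; priv="$2"; dst="$3"
    openssl pkeyutl -decrypt -inkey "$priv" -pkeyopt rsa_padding_mode:oaep \
        -in "$out.key.enc" -out "$out.key"
    openssl enc -d -aes-256-cbc -pbkdf2 -in "$out.enc" -out "$dst" \
        -pass file:"$out.key"
    rm -f "$out.key"
}

# Round trip on a constructed sample record; prints the working directory
# and fails if the restored file differs from the original.
demo() {
    work=$(mktemp -d)
    printf 'E1001,Chan Tai Man,2023-01-04,08:58,18:02\n' > "$work/attendance.csv"
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$work/backup.pem" 2>/dev/null
    openssl pkey -in "$work/backup.pem" -pubout -out "$work/backup.pub"
    make_backup "$work/attendance.csv" "$work/backup.pub" "$work/backup"
    restore_backup "$work/backup" "$work/backup.pem" "$work/restored.csv"
    cmp -s "$work/attendance.csv" "$work/restored.csv"
    echo "$work"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

In practice the private key (backup.pem) stays with the restore operator and never sits on the attendance server or beside the encrypted files, which is what keeps a stolen backup unreadable.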

If the above principles are followed, the whole attendance system will be very secure!

GDPR and CCTV

GDPR is an acronym for the General Data Protection Regulation. Any organization that operates in a European country or targets customers in the area must comply with these new data security rules, or it may be fined up to €20 million or 4% of its turnover (whichever is greater).

The Use of CCTV & GDPR

CCTV is used very commonly across all businesses, but under the GDPR, business owners need to have 'strong' and 'fair' reasons explaining why they need to use CCTV in those areas. One particular example would be protecting employees' health and safety. When CCTVs are installed, the business owners must have signs and contact information that warn people nearby that CCTVs are in place and tell them how to contact you if they have any enquiries.

Most CCTV footage can be kept for 30 days, but if business owners want to keep it for a longer period, they must carry out a risk assessment and explain why.

CCTV footage must be encrypted, and business owners must have a contract in place with their data processors that sets out what the processors can and cannot do.