• To comply with the Data Protection Act in terms of the privacy of information relating to individuals.
• Organisational, whereby information is commercially sensitive, such as plans for a new product.

The Data Protection Act states that all data stored about individuals must be kept secure. It is also a moral obligation of organisations to ensure that personal information is not revealed.

If you work for an organisation, then they will store personal information about you, such as date of birth, national insurance number, bank details, absence records, qualifications, disciplinary records and appraisals. This information is very private to you and you would not want your colleagues to know all of it. While it might be reasonable for a personnel administrator to enter and check your absence records, you would not want them to see details about your appraisals because they are private. A correct balance needs to be made between ensuring people who are not entitled to see your information do not see it and ensuring that certain employees are able to carry out their duties if this requires using personal data.

Organisations also store information about customers or people linked with the organisation and this must remain confidential too. For example, your doctor's surgery will store all of your medical records. These could be very sensitive and so must be kept secure. If you purchase some products from a company, then you may or may not choose to receive emails from other companies that they select. If you choose not to, then they must ensure that other companies do not see your email address or any other data about you.

However, there are occasions when personal data may need to be accessed. For example, the Regulation of Investigatory Powers Act enables organisations to view emails that are being sent to and from employees within the organisation. The organisation may be suspicious that an employee is giving away company secrets and will therefore monitor emails being sent and received by that employee.

Some information about people may need to made publically available or may be kept confidential when it would be in the public interest to reveal that data. There is a lot of debate as to whether details of the addresses of individuals on the sex offenders' register should be revealed. Some people would  like to know this information so that they can ensure their children do not go near those addresses and are frustrated if they are denied access to this information. However, making this information available could cause vigilantism against the sex offender which does not allow the offender to live a normal life after they've served their punishment and causes disorder in the community.

Organisations will have data that is sensitive, such as plans for a new product or details of financial difficulties that are being experienced. In these situations, they will want this information to be kept secret so that their competitors do not find out and try to produce a better product or spread rumours about the financial difficulties. Other sensitive information may include market research statistics which have cost a lot of money to collect and if they are made available to other organisations, then they will gain an advantage at no cost to them.

Employees need to be given guidance on how to use passwords. This should include:

• Choosing a password that can be remembered but is not obviously linked to you so that it is not easy to guess.
• Choosing a password of a minimum length so that there is a larger combination of characters to make it harder for hackers to crack, and that includes letters, numbers, lower case, upper case and special characters to increase the number of combination of characters.
• Changing passwords regularly in case somebody has found out your password.
• Not giving your password to anybody else, not even your manager or a colleague you think you can trust.
• Not using a password that has been used previously.

Employees need guidance on how to prevent unauthorised access to their workstation. This could include:

• 'Locking' the computer so that it cannot be accessed without entering the password.
• Using a screensaver with a password so that if you forget to 'lock' your computer, then the screensaver will take over after a couple of minutes and 'lock' your computer for you.
• Ensuring nobody is looking over your shoulder or across the table when you enter your password.
• Anti-spyware  should be installed so that malicious software cannot be installed on a computer that would gain access to the data on the computer and send it to the spyware originator. Spyware software can also track a user's keystrokes to find out what is being types, including passwords.
• A firewall should be installed between a computer network and the internet or WAN. The firewall will ensure that only data of certain types are allowed in to the network and it will prevent some applications from sending data out of network to prevent spyware attacks.