74) Staff need to appropriately protect information and not to disclose it to third parties unless they have proper and specific authority, or there is a legal or professional right or duty to do so.

75) Examples of controls/safeguards that may be applied at the individual level:

a) within the SAI, using professional judgement to respect the confidentiality of information; in particular, keep the confidentiality of information in mind when discussing work-related issues with other employees;

b) in the case of doubt whether suspected breaches of laws or regulations should be disclosed to appropriate authorities (or parties), consider obtaining legal advice available within the SAI to determine the appropriate course of action in the circumstances;

c) in private life, maintaining confidentiality within the family, social or other environments, including social media;

d) securing electronic data carriers, such as laptops and portable data storage devices;

e) maintaining the confidentiality of passwords.

(parent: 4. [Application Guidance for] Fundamental Ethical Values)

INTOSAI ref. Code of Ethics(pdf) (ISSAI-P 30).
#tagcoding hashtag: #issai0374

en en.gif
fr fr.gif
nl nl.gif