This guideline defines how Kiluth employees must handle documents containing personal or sensitive information (e.g., pay slips, contracts, identification documents, financial records) when using shared platforms.
The objective is to protect employee privacy, ensure data security, and maintain compliance with data protection standards (e.g., PDPA, GDPR).
Scope
This policy applies to all Kiluth employees, contractors, and interns who access or manage sensitive files while using:
Documents containing personal identifiers such as name, address, salary, ID/passport number, or financial details.
Secure Storage Platform
Authorized cloud or internal storage system with access control, version history, and audit logs.
Shared Workspace
Platforms where multiple employees access tasks or projects (e.g., Asana, Notion).
Private Workspace
Storage or folders with restricted access, available only to authorized employees or departments.
Guidelines
Uploading Sensitive Documents
✓ Correct
Upload sensitive files (e.g., pay slips, contracts, ID scans) only to a secure cloud storage platform such as Google Drive, OneDrive, SharePoint, Dropbox Business, or Box.
✓ Correct
You may store the file in any folder you manage, provided that access is restricted to only those who need it.
✕ Incorrect
Do not upload sensitive files directly to Asana, Notion, Trello, or similar project tools.
Sharing Links in Project Tools
1. Store the file in a secure folder with appropriate access control.
2. Generate a share link that allows only authorized personnel (e.g., project manager, HR, finance, or relevant stakeholders).
3. Paste the link in the Asana card or task description instead of uploading the file.
4. Add a note such as: “Sensitive file stored in a secure location. Access restricted to authorized users only.”
Access Control
1. Follow the principle of least privilege (only HR/Finance or necessary managers should have access).
2. Avoid using “Anyone with the link can view.” Instead, prefer:
   • Specific people only
   • Anyone in the Kiluth domain with the link (if broader access is required but still controlled)
3. Review permissions regularly and remove unnecessary access.
Temporary Files
1. If a sensitive file must be temporarily uploaded for workflow reasons:
   • Use restricted access only.
   • Delete the file immediately after use.
   • Confirm deletion and record in the task notes.
Employee Responsibility
1. Always double-check before sharing: “Does this file contain personal or sensitive data?”
2. If yes → Use a secure storage platform and share a controlled link, not a direct upload.
3. If uploaded incorrectly → Delete immediately and notify HR.
Enforcement
1. Any breach of this guideline may result in disciplinary action depending on severity.
2. HR and IT will conduct regular audits of shared folders and project tools to ensure compliance.
Example Scenarios
✕ Incorrect
Uploading “Pay slip – Khun Somchai.pdf” directly into an Asana card.
✓ Correct
Uploading the file to your secure Google Drive folder (restricted access) and pasting the link in Asana.
✕ Incorrect
Sharing a sensitive file link set to “Anyone with the link.”
✓ Correct
Sharing a link restricted to specific authorized users only.
Remember: Privacy is everyone’s job. Following these principles protects both Kiluth and our clients — and maintains the trust that defines our brand.