There are two main types of information where access needs to be managed;

1) Company Information
2) Private Individual Information

Companies limit access to certain information on their computer network as a matter of routine. Not everyone will be able to access last month's sales figures or know the detailed plans for next year. Everyone accepts this as reasonable and protection against speculation in the company's shares.

Management of sensitive information of this type is can be achieved by firewalls and password protection within a company's computer network. Access to the information can also be at various levels, eg read only or editing rights.

Backing up data on a daily basis is an essential part of a company's disaster recovery plan. Very sensitive information may not be stored on a network connected computer. Hackers are a security threat that most IT network managers are very aware of.

Every company and government body also gathers information on us. That might be as simple as a database of phone numbers and addresses, or it could include your Social Security number and driving licence details. There are laws in place to limit how that information is accessed and used.

Government agencies and large companies usually comply fully with all state and federal legislation regarding Information management. They have personnel who are exclusively responsible for managing the information databases.

Small businesses may be less vigilant in their compliance, not through a lack of willingness, but through a lack of knowledge or management time. When there is effectively one person making all planning and management decisions in a company, a policy for information management is not always high on the agenda.

You have the right to see the information that any company or organization holds on you and to have it corrected if inaccuracies exist. You should also ask what the company uses the information for, whether it is for marketing purposes or whether the information is shared with other companies