Top Tips for Managing Data Privacy and Remote Working
The Covid-19 pandemic has led to a dramatic rise in the number of employees working remotely. However, this change in work environment comes with significant risk in terms of data privacy. Below, our Employment & Data Protection team look at the practicalities of keeping data confidential and safe in the home environment and offer top tips on how this can be achieved.
Article 32 of the GDPR puts an obligation on organisations to implement technical and organisational measures to ensure a level of security appropriate to the risk when processing personal data. Thus, regardless of where the work is carried out, an organisation needs to have in place the systems and equipment that ensure data security.
- Risk Assessment: This should be carried out on the remote environment and consideration should be given to how the data will be processed when working from home.
- Devices: Consider what devices are being used to carry out the work. In order to maintain security, all software updates should be installed. If employees are allowed to use personal devices, this should be reviewed or, if this was a temporary measure at the outset, employees should be reminded that they should now be using Company devices. Employees should be reminded to keep their devices safe, use strong passwords and lock their screens when they are not in use.
- Communications: Ensure that any communications are exchanged in a safe and secure manner. Employees ought to use official Company email addresses and, where possible, avoid the use of personal email addresses. The remote working environment creates opportunities for fraudsters to engineer attacks on organisations. Employees should be reminded that they should not click on links or open attachments from unknown senders. If documents are being attached to emails or shared, they should be protected, for example by password protection or encryption. If chat forums or teleconferencing are used for communication, the organisation should look at recommending suitable secure platforms.
- Cloud Storage & Networks: Care should be taken to ensure that the cloud storage solution is not set to public or accessible without a username or password. Consideration should be given to restricting access to files or storage where possible, to limit the potential for breaches.
- Paper: Discourage employees from removing paper records from offices. However, where it is necessary, a record should be kept of what paper documents have been removed. Employees should ensure that any paper kept at home is kept in a safe and secure manner. If it is disposed of, this should be done carefully and, where possible, employees should return it to the office for safe disposal or destruction.
- Policies and Training: All data protection policies and privacy notices should be reissued to employees. Training should be rolled out for employees to highlight the risks of handling personal data in a remote environment. Employees should receive training in what steps they should take if they discover a data breach. It is critical for any organisation that it is made aware of any breaches as soon as possible so that the risk can be mitigated.
For further information on this or any other employment matter, please reach out to your usual Whitney Moore contact or any member of the employment and data protection team.