Legal Articles

Coronavirus: Data protection and working from home

Home / Knowledge base / Coronavirus: Data protection and working from home

Posted by Claire Halle-Smith on 06 April 2020

Claire Halle Smith - Data Protection Lawyer
Claire Halle-Smith Senior Associate

We are all aware that the unexpected and immense move towards home working undertaken as a result of the Covid-19 pandemic has presented a variety of challenges to organisations across every sector. Some of these can be relatively easily managed by the implementation of business continuity plans, such as establishing regular contact with staff and customers, whilst others will require new procedures, evolving as organisations encounter new and unexpected complications, and all whilst bearing in mind that this cannot simply be a temporary fix given the government’s view that it could be up to six months before ‘normal’ life resumes.

Whilst there is plenty of advice as to the management of employees working remotely and how they can manage the practicalities of working from home, stress levels experienced by employees and managers alike will be significantly higher than usual, each dealing with personal as well as professional challenges, perhaps resulting in the potential for decrease in workload but also, importantly, substantially increasing the risk to the security of personal data and confidential information now processed outside of the secure office environment.

Risks to data security emanate from a variety of sources, most commonly human error, however scams and cyber attacks have significantly increased over recent weeks, becoming ever more convincing to their targeted recipients. It is conceivable that this increase, combined with the likely decrease in supervision and potential reduction in contact between colleagues, could result in an increase in data breaches or hacking of an organisation’s confidential information, as well as significant financial risk where funds are regularly transferred.

So how can you assist your employees and ensure appropriate security methods are adopted at home?

  • If not using the organisation’s equipment, ask employees to specify what devices they are using.
  • If necessary, require employees to encrypt personal data and confidential information before sending, and to confirm the intended method of encryption beforehand.
  • Issue reminders to update usernames and / or passwords.
  • Require employees to safely store sensitive manual files and paper documents until they can be returned to the office for shredding.
  • Advise all employees not to use a speakerphone or conduct work-related conversations in the presence of smart speakers or home surveillance (e.g. Alexa Echo, Google Home, Siri, Ring) and to be mindful of others who may have access to their screens.
  • Where possible, require opt-out of cookies each time an employee uses video-conference applications.
  • Update internal policies for remote working and data privacy, ensure these are circulated to all employees and referenced in online team meetings.

As for the organisation, it goes without saying that, if it hasn’t been completed already, ensure the organisation is properly equipped by consulting with an information security professional to maintain good cybersecurity. Such consultation is likely to include reference to the following:

  • Include warning labels on incoming emails that originate from outside of the organisation.
  • Where possible, equip employee devices with remote access capability, relevant software, and up to date manufacturer software updates, via a virtual private network (VPN).
  • Ensure multifactor, two-step authentication is required for employee remote access.
  • Clarify with employees the acceptable systems and devices that are permitted and identify and specify particular information and documents that require careful handling.

The recent statement published by the Information Commissioner’s Office confirms its understanding that the processing of personal data may be affected by the needs of an organisation when addressing the impact and attempting to limit the spread of Covid-19, and although this gives some comfort to organisations, maintaining adequate security measures remains imperative. Save for certain understandable delays, for example in the response to individual requests, the processing of personal data carried out by organisations on a daily basis must continue to be undertaken within the confines of the GDPR.  

In conclusion, although the sudden move to remote working comes with a new set of challenges for many organisations, a careful and thoughtful approach in responding to issues as they arise will allow these organisations to continue to adequately limit risks to the data processed by employees, with the added benefit of future proofing those business continuity plans for any future similar event.

About the author

Claire Halle-Smith

Senior Associate

Claire’s experience in-house coupled with her ten plus years’ advising on data privacy matters enables her to identify those key issues facing an organisation and to provide practical, solutions-based advice.

Claire Halle-Smith

Claire’s experience in-house coupled with her ten plus years’ advising on data privacy matters enables her to identify those key issues facing an organisation and to provide practical, solutions-based advice.

Recent articles

20 October 2020 Setting up an EMI scheme for your company

Over 12,000 companies across the UK use an EMI scheme (Enterprise Management Incentive) as a way of attracting, retaining and motivating their key employees. Our guide covers all the steps to set up your EMI scheme.

Read article
16 October 2020 Sales and leasebacks and the changes to the planning use classes order

We're covering just two topics very different to each other but both in their own way creatures of this pandemic which is truly dominating our lives. Those topics are sales and lease backs and the recent changes introduced to the planning use classes order

Read article
16 October 2020 Co-habiting couples - How much protection do you have?

It is becoming more and more common for couples to live together and start a family without getting married or entering into a civil partnership. Until the law catches up in this area, cohabiting couples need to be aware of their limited legal rights.

Read article
How can we help?
01926 732512