Search

How can we help?

Icon

Remote working: How to stay Data Protection-Compliant

In recent years, there has been a very significant movement from office-based to remote working, driven initially by the increasing attraction as an employee retention tool of flexible working and, of course, accelerated in a truly unforeseeable way by the COVID-19 pandemic. Even though no longer subject to legal constraints on movement and where work can be carried out, many businesses have continued using a distributed workforce, and, for a sizeable number, remote working is now the norm rather than the exception.

Remote working, with its advantages, also carries risks, a significant one being cybersecurity and, in particular, data protection compliance. The fact that a data breach takes place away from office premises when an employee is working in an internet café, in their house or wherever will not in any way relieve their employer – be they a data controller or a data processor – from the significant financial and reputational repercussions of that breach.

So, what should organisations do to reduce the cybersecurity and data protection risks of home working to the same (well, hopefully, in a well-run business) low level as with office-based working? These are some areas to consider:-

Employee Awareness

First and foremost, businesses must ensure all relevant policies are up-to-date and reflect changes in working practices – for example cybersecurity and confidential information policies – and that these are reviewed and revised frequently.

However, there is no point in having state of the art policies unless employees are aware of and follow these, and the key to this is, of course, regular employee training. For the Information Commissioner’s Office (ICO), this is a key employer obligation.

Systems and Equipment

Ideally, a corporate virtual private network (VPN) should be in place to prevent, to a high degree, unauthorised access to sensitive and confidential data and information. Through a VPN, employees’ connections from remote working locations to the organisation’s servers can be encrypted, allowing safe and secure network access. For obvious reasons, use of public Wifi without a VPN is very inadvisable and there are risks of unauthorised access even with home Wifi which are significantly reduced by use of a VPN.

It is not always economically feasible for an organisation to issue all its remote working employees with company-issued laptops but this is the safest solution. If employees are allowed to use their own devices, it is important that their own data and the organisation’s data are kept separate and that (through proper training) they understand the risks of inadvertently moving the organisation’s data into their personal storage, which is quite easily done when using a single device. Password security is particularly important when personal devices are being used and many employers use – wisely – multi-factor authentication (for example, having to add a passcode provided by text message after entering the password) for additional security.

Jon Chapman

Senior Consultant

View profile

+44 118 960 4683

Businesses must ensure all relevant policies are up-to-date and reflect changes in working practices, and that these are reviewed and revised frequently.

Common Sense

It is important that employees understand that working remotely will never be as secure as an office environment and adapt their behaviours accordingly. Much of this is common sense. A few key messages:-

  • Don’t mix work and personal emails – because when this happens, the possibility of a security breach increases significantly. Recent high profile incidents (for example, Suella Braverman using personal email six times for work emails) emphasise the dangers of this!
  • When at work, you are with work colleagues who are under confidentiality constraints. In another remote working location, even at home, you are not. Don’t drop your guard and keep a ‘work head’ on – so avoid discussing sensitive matters in earshot of others, be particularly careful with phone and video calls, don’t leave sensitive documents lying around on your printer or elsewhere and so on.
  • Confidential waste is still confidential waste, even at home. It does not go out with your cardboard recycling! If you cannot have it destroyed properly and irretrievably, it needs to go back to the office for shredding.

Remote working is here to stay and, with correct planning and management and applying the above principles, associated cybersecurity and data protection risks can be reduced to typical business risks.

It is also recommended that organisations who have employees who work remotely consult the ICO guide on this issue.

About this article

Disclaimer
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

Jon Chapman

Senior Consultant

View profile

+44 118 960 4683

About this article

Read, listen and watch our latest insights

art
  • 09 December 2024
  • Employment

Mistletoe and Missteps: Preventing Harassment at Christmas Parties

As the festive season approaches, offices are coming together for their annual Christmas parties, offering a chance to unwind and celebrate the year’s achievements. However, whilst these events provide a necessary release and recognition of employee’s contributions, they also present a heightened risk of inappropriate behaviour, particularly sexual harassment.

art
  • 28 November 2024
  • Employment

Employment Rights Bill: The Regulatory Policy Committee opinion

This article considers the Regulatory Policy Committee’s recently published opinion on the impact assessments for the Employment Rights Bill. The Committee assessed the quality of evidence and analysis used to inform the government proposals and came to the overall opinion that the impact assessments are currently “not fit for purpose”.

art
  • 19 November 2024
  • Employment

Booting out discrimination: Referee David Coote suspended over alleged derogatory comments

It has recently been reported that referee David Coote has been suspended with immediate effect, pending a full investigation, after making derogatory comments. In this article, we will focus on the alleged discriminatory comments made and learnings from this. Given that the matter is currently being investigated, it will be a big case to watch, as if the allegations are proven, what action could be taken against Mr Coote?

art
  • 13 November 2024
  • Employment

Modern Slavery Act 2015: Select Committee calls on the Government for change

The article will cover the House of Lords Modern Slavery Act 2015 Committee’s recent report and key recommendations following its inquiry into the impact and effectiveness of the Modern Slavery Act.

art
  • 12 November 2024
  • Employment

Redundancies on the Rise: What alternatives are available?

As we move into the second half of the year, and with the cost-of-living crisis not yet showing signs of easing, many businesses are feeling the pinch and are exploring their options in a bid to save costs.

art
  • 11 November 2024
  • Employment

Clarkslegal welcomes a new employment partner

Clarkslegal is delighted to announce the appointment of Katie Glendinning as a partner within our highly-ranked employment team.