In these working from home days, where weekdays seem to blend into weekends which melt into weekdays again, most of us don’t have the luxury of offices at home. Space is at a premium. Desks or dining room tables are shared. Papers are strewn across the floor. We lack the space and equipment we took for granted working from an office. The secure cabinets, safes, confidential waste bins, shredders, locked drawers. A decent coffee machine. It’s easy to take for granted all the tools we had available to keep information secure (excluding the coffee machine).
Working from home doesn’t make those confidentiality agreements and information security obligations any less enforceable than they were a few weeks ago. Your business will still be under obligations to ensure confidential information, personal data and the like are kept secure, are not lost or stolen or disclosed to any third party. Is your home desk or dining table hosting confidential paperwork and who might have access to it? Do you share a flat with anyone you don’t know? Do you have a cleaner? Any millionaires out there who have their own staff? It’s easy to just leave your papers on the table or your laptop unlocked. In all likelihood, nothing will come of it, but it’s probably not worth the risk.
If you’re subject to very stringent information security obligations, there may be additional measures your employees are missing at home. Will any employees be using unsecured public networks to access company material (although acknowledge that a trip to a coffee shop isn’t looking possible any time soon). Working from home will most likely mean employees are working longer hours, using unknown devices to check e-mails Do these devices have adequate antivirus protections in place? Can everyone still comply with those encryption requirements tucked away in the middle of the information security schedule? How about those building or physical security requirements?
One depressing fact of this pandemic is the surge in scammers seeking to profit from the public panic. We’re all vulnerable to these situations. So dig out those confidentiality agreements and information security requirements, review your employee working from home protocols, update that staff handbook (or remind your employees where to find it) and make sure everyone knows what to do after a data loss event. And stay vigilant!
The Information Commissioner’s Office (“ICO”) has made a provisional decision to fine a software provider more than £6 million. If the provisional decision is confirmed, it would mark the first case where the ICO impose a monetary penalty notice on a processor under the UK General Data Protection…
Data breaches: Is personal data held in your systems secure?
European Commission launches process on personal data flows to UK
The Court of Appeal has held that an individual can claim for compensation under section 13 of the Data Protection Act 1998 where a breach of the DPA results in a “loss or diminution of a right to control” their personal data. A claim of compensation would not require the…