As the UK enters its fourth week of lockdown, the vast majority of people are (and have been) working remotely from home. Thanks to the technology that is now available, that is a possibility for a large number of us. Whilst helpful and critical for some businesses, it does raise the issue of whether businesses have the appropriate policies and procedures in place to ensure the safety and security of data.
Remote working can present different risks than in an office environment and many employees are now working from home for the first time. Aside from the technological security measures that can be put in place using firewalls, anti-virus software and the like, businesses could bolster that security by ensuring they have appropriate data sharing, privacy notices and remote working policies. By having these policies in place, businesses can ensure that employees know exactly what they should and should not be doing when it comes to protecting confidential information and data.
A well-drafted Privacy Standard, for example, would include data protection principles, how data must be handled, where it should be stored and how long data can be kept before it must be destroyed. It could also go on to handle subject access requests and how they must be responded to (and within what time limits) and reporting data breaches.
Without these policies, it can be difficult to monitor data security and confidentiality. Not only do they assist employees in how to handle data when working from home, they assist in maintaining confidentiality and help demonstrate that a business is complying with its obligations under the relevant data protection legislation.