Home working: An overview
The recent Covid-19 pandemic lead to a rapid almost overnight change in working habits, the majority of office workers and most other industries switched from working in an office to working from home.
Working from home offers considerable benefits, no commute into an office, more time with family and for a significant number of people more productivity (no office distractions). There are however downsides to home working, no break/separation between work life and home life, some people may not have a separate office area where they can work, one of the most overlooked concerns is home workers complying with their data protection obligations/GDPR regulations.
Working from home can mean people use their own personal laptop, computer and phone instead of using office systems. Office systems are normally well maintained and most importantly have up to date security software including encryption, firewalls and antivirus technology. Personal devices may can come with antivirus technology pre-installed but how many people forget to or neglect to regularly update this? Personal devices may be shared between family members, there may be nothing in place to stop other family members accessing/viewing or accidently amending third party personal information. Working from home can mean children seeing you work, leaving them alone even for a minute can lead to enquiring minds pressing the wrong key/button and sending information to the wrong place or even delating information.
If using a personal machine once the work day is over is company information removed or does it remain on the personal device. If so for how long and what happens if an individual decides to change employment? What checks are in place to ensure that the individual does not have (even unwittingly) copies of customer personal information?
There is also the storage of any physical data/information an individual needs, for example counsellors, GP, nurses, solicitors, council employees teachers and many others often have files relating to individuals, their contact information and other background information such as medical history, legal proceedings, education information etc. How and where do they store this information at home? How do they ensure this information is not visible to other family members or third parties e.g. is it visible in the background of a Zoom or Skype call? If you are working from home during the pandemic or you normally work from home anyway what policies or protections has your organisation put in place to minimise the data protection risk?
Been a victim?
Has an organisation informed you that your personal data was accessed during a cyber-security incident? Have they stated this was due to their staff working from home? If you want to discuss any data breach incident further, please do not hesitate to contact one of our team.