The dramatic and
unplanned surge in UK home working during the coronavirus “lockdown” has
significantly increased the risk of businesses suffering data security breaches,
says Fox & Partners, the law firm.
Commissioner’s Office has stated that employers should consider the same kinds
of security measures for homeworking that they would under normal circumstances.
This must be considered a priority since businesses may still be liable for the
actions of an employee if a data breach occurs as a result of remote working*.
If a data breach occurs and the organisation affected did not follow the correct
procedures the ICO may still impose appropriate financial
steps to reduce risk of data security breaches
Fox & Partners has
outlined five simple steps businesses can take to reduce the risk of a data
security breach whilst employees work from home.
- Implementing code names for clients and projects
Businesses who deal with
sensitive information could implement code names for particular clients or
projects in order to retain anonymity. This is particularly important in
regulated industries where confidentiality obligations extend beyond the
protections for personal data required by GDPR.
- Properly password protect devices and enforce lock screen policy
Many people working from
home may be using the family computer and are, therefore, likely to be breaking
company rules over password protection. Companies should make employees aware of
password requirements, check that they are following any Bring Your Own Device
policy and enforce locked screen policies when computers are
- Ensure cloud connected software is properly set up
As businesses have rushed
to set up cloud computing connectivity, many of those networks may not have been
properly secured. There is an increased likelihood an employee may accidentally
send a confidential document to their neighbours’ printer or a public server. It
is therefore crucial that companies ensure their online systems are properly set
up and connected to the correct users.
- Packing away or shredding confidential documents
As is protocol in any
office environment, it is vital that paper documents containing confidential
information or personal data is stored away or shredded at the end of each day.
With families and housemates close by, and now an increased number of video
calls allowing us to look into people’s homes, there are greater opportunities
where data could be inadvertently shared and leaked.
- Employees should be made aware of the revised data security strategy
Many companies and their
employers may not have implemented processes of remote working before now. It is
essential for businesses to advise workers on its data security strategy and to
be aware of the conditions under which its employees are currently
Caroline Field, Partner at Fox & Partners, says: “Suddenly shifting almost all UK office workers to home working is completely unchartered territory in terms of data security.”
“Even if, as we hope, the ICO is more lenient on fines there are serious financial consequences if a business suffers a data breach.”
Eleanor Diamond, Associate at Fox & Partners, adds: “We have already seen a host of scams where criminals are taking advantage of the crisis and we expect these to grow in scale. Businesses need to be alert to that.”
*The recent Morrisons
case only held that the employer was not “vicariously liable” for the illegal
actions of its employee that were unrelated to his duties at work and pursued to
deliberately harm his employer.
**Normally these could be
as much as €20m or 4% of total annual worldwide turnover. However, during the
crisis the ICO has said it will consider the “affordability” of the fines it