Click to view the latest updates on our services.  Service Status Update.

contact call08003764422


Restore Datashred News

Working from home: getting data protection right
/ Categories: November

Working from home: getting data protection right

Giving remote working a secure future.

For those who can work from home – and that is around half the working population – there are significant personal gains such as cost savings on travel and subsistence, time savings by not commuting, and wellbeing savings by not trying to shoehorn so much into waking hours.

In a survey conducted earlier in the summer the stats add up to support this: 74% of respondents said they had completed their work to at least their usual standard, if not higher, so productivity does not appear to have suffered. Looking ahead, in the same survey quoted by, 84% said it was important that we should all be able to choose

where we work, while 60% or more would take up the offer of working from home in the mid- to long-term.  

WFH: getting data protection right
Certainly, while the coronavirus is still prevalent and localised lockdowns inevitable, employers are having to look at how they can flex their ways of working, and their policies and protocols, to accommodate the situation.

One of the key areas for any business focus has to be data protection. GDPR is still in force – and the fines are ramping up; data breaches are still happening on an alarmingly regular basis – with almost 78 million personal records leaked from high profile individuals, universities and charities in July alone; and scams and phishing email have multiplied many times over.

Employees may be working out of sight, but any gap where risk can enter needs to be plugged. 

The pros
It’s not all doom and gloom for DPOs and the damage limitation team, though. For physical data the risks of exposure by working from home are greatly reduced – fewer documents are left in trains, planes and automobiles, in photocopiers, on desks, in unlocked filing cabinets or thrown away in general waste bins.

Human error is to blame for 88% of data breaches in the UK*
* according to Kroll, Global Risk Consultants

It’s relatively easy to increase the number of working-from-home benefits by implementing a rigorous Data Protection Impact Assessment (DPIA) process that fulfils GDPR requirements.

General principles of the DPIA should be to ensure that policies, procedures and guidance for WFH employees are clear around accessing, handling and disposing of personal data; that all your teams are using the most up-to-date version of your remote-use software; that your security protocols are known and strictly adhered to. The Information Commissioner’s Office website has fairly detailed lists to help you form the backbone that facilitates your organisation’s WFH approach.

The cons

For all the benefits of remote working for many employees, for an organisation to maintain professionalism and productivity requires hard work at the set-up stage and consistent, transparent monitoring thereafter.

Conducting a thorough DPIA is certainly the right route to go down so that you and your employee can establish protocols around using company versus personal devices, software, file sharing, uploading to the cloud, remote access and maintenance, and so on.

What is more difficult to keep an eye on is the human factor.

How private is the screen and workstation in a house or flat share, for instance? Is there somewhere secure to lock away equipment at the end of the working day? If paper is still much used in your line of work, how does your employee handle it? Into a secure home shredding service box for safe, discreet disposal at the right time, or does it end up in household recycling or as art paper for the kids?!

A key issue, too, is the security of your employee’s internet connection. The use of home broadband for sensitive work makes it easier for scammers and hackers to breach business systems and protocols. Firstly, because you cannot use your in-house security set up to protect the whole line and, secondly, because you simply don’t know when or if a breach has occurred. It’s not your system. 

We spoke to Restore Plc’s Group Data Protection Officer, Trevor Norman, for his view on giving remote working a secure future.

“Generally, employees feel that once they enter the safety of your premises, everything is secure and it is someone else’s job to worry about the risks. Working remotely brings home the responsibility of all sorts of good working practices to the individual.

“In some ways, the lack of an mfd printer or similar when working remotely assists data protection as it means information will not continue to be transferred from a digital format to a physical one in such vast quantities. This does beg the question of why there is still so much physical data produced anyway – multiple copies of board meeting papers, hard copies of PowerPoint presentations, and so on, which all end up in the confidential waste an hour after being produced.

“Computer security is a major consideration when working remotely although ironically your work colleague looking over your shoulder at your screen in the office may not have any more of a right to look at any personal information you have access to than your family or next door neighbour. Basically, the same standards of locking screens and attaching privacy screens should be adhered to at all locations.

“The security of using the internet, as outlined previously, seems to be resolved by companies providing a secure VPN dial-up into their servers so employees can work within the same secure environment as if they were working in an office. Email is also secured within this environment but an emphasis on sharing data instead of sending data attached to emails is a real cultural shift, even for those still working within the office environment.

“As to the security of laptops themselves, a high level of IT security will ensure that no matter how many laptops are ‘lost’, they cannot be accessed and the VPN link cannot be engaged.

“Finally, the internet appeared to function at acceptable levels prior to the pandemic. The number of people needing to work from home, and continuing to do so, has, however, shown up the holes in the service and system in this country. As a solution, it seems to make perfect sense to me that the money saved by employees not travelling to a fixed place of work every day combined with the savings made by organisations not having to provide expensive office space could be allocated to paying for the level of internet service expected, and feasibly delivered by internet providers at the right price. Given reports in the press only this week (w/c 14 September), about the frankly staggering bills some rural workers in infrastructure ‘blackspots’ can expect from BT for installing fast fibre broadband, I wonder how much of a pipedream that is!”