Until a few months ago, teleworking was considered something out of the ordinary. Locally at least, employers seemed unprepared or possibly unwilling to convert to the realm of remote access; whether due to IT costs, data protection, operational concerns or simply wariness as to employees’ productivity. COVID-19 however may have changed all this forever.
In the last couple of months, teleworking has joined the buzzwords for 2020, seeing both businesses and employees scrambling towards it, unquestioningly, for survival. In a time when social distancing is the new normal, the unthinkable has happened – the likes of school lessons, business meetings, grocers and retailers have joined restaurant deliveries, online. However, teleworking carries legal implications that need to be considered. Amongst issues at stake are cybersecurity, data protection, and confidentiality. It is important, today, for employers to have policies and procedures in place that are made known to employees and applied, both on the workplace, and when teleworking.
Starting off, an employee is required to have a computer, a telephone and a working internet connection to work from home. Sounds simple enough, but not enough. The employer should first ensure that the employee is reminded of his basic obligations towards the company, i.e. confidentiality, productivity, availability and observation of laws. Unless already provided in the employment contract, it would be advisable to sign a teleworking agreement reminding the employee of basic obligations towards the employer, procedures to follow and employer expectations of teleworkers. It must be clarified that notwithstanding teleworking arrangements, the teleworker is always considered to retain all his rights as an employee.
Confidentiality and data protection are not necessarily the same thing, but go hand in hand. Information subject to data protection is usually confidential in nature, but not all confidential information is subject to data protection. The obligation of confidentiality is about the non-disclosure of work-related or work-sensitive information, such as business plans, strategies, accounts, internal communications or client briefs. In some sectors, such as banking or professional services, confidentiality is taken a step further with professional secrecy. Data Protection obligations regulate the collection, storing and processing of personal information through which a person can be identified – examples include names, addresses, telephone numbers, social network profiles. Such data can only be used for specific purposes that must be communicated to the owner of such data, under very strict rules.
The employer cannot do much more than trust the teleworker’s good faith in not divulging or exposing information or personal details obtained in the course of his duties, to third parties. In reality, this risk is no different to an employee who attends the office.
The employer is obliged to inform the teleworker about the provisions of the Data Protection Act and must take appropriate measures, particularly with regard to software, to ensure the protection and confidentiality of data used and processed by the teleworker in the carrying out of his duties. The employee should be reminded that both he, and his employer, could be subjected to expensive legal proceedings and fines should the teleworker breach confidentiality and data protection, even if accidentally. A few good practices that should be encouraged would be to restrict work to a particular room away from family members, not to discuss details on work, keeping the computer locked under a password known only to the teleworker, and preferably working over a remote desktop and Virtual Private Network (VPN) allowing one to disconnect from the virtual desktop, not save work on the home computer and to be careful not to leave laptops and materials from the office unattended or in unsecure places..
Teleworking exposes one and all to another risk – cybersecurity. We have all received those scam emails asking for our bank accounts to deposit millions of dollars. In these times, increased phishing and similar scams are expected as internet use has shot up. The most prevalent schemes include phishing designed to trick persons into disclosing credentials or other confidential information, as well as business email compromises focused on diverting electronic payments to criminals’ accounts.
In an age when most people own more than one internet-enabled device, good practices would include limiting personal use of the computer used to telework, even if to look up the news, installing proper anti-virus/malware software, and enabling security for browsers and cloud-based applications. Employees must also refrain from collecting, accessing, or distributing illicit material online (even if unknowingly) as not only does this put the computer at risk of confiscation by authorities, but such websites are also a common channel for malware infection.
Telework does not come without its challenges, especially today when legal obligations are numerous. It is with appropriate planning, preparation and investment that telework can be carried out successfully and seamlessly. The benefits of telework, both for the employer and the teleworker are numerous. Once bitten, twice shy. It is time to embrace telework with a responsible plan – it is not just Covid-19 that can require us to work from home in future.
This article is not intended to constitute legal advice. If you require legal assistance relating to remote working, GDPR cyber security, or employment issues please contact us on info@refalo.legal or 21223515.