PUBLIC RELATIONS
Wednesday 22nd April 2020
Working from Home? Legal Tips for the Unwary
By Paul Herbert, Partner at Goodman Derrick LLP,
Remote working, teleworking, WFH – call it what you will – is no longer a Friday or Monday occasional treat.
It’s now the norm and will be for some time to come, at least in the services sector. Evangelists tell us it leads to better engagement, healthier work/life balance and, most importantly for employers, higher productivity and better quality work. But these arrangements entail certain implications and risks.
We know what we need: a laptop or desktop computer and an internet connection. But there it starts: allowing members of staff to connect to the office network with their own devices, while cheaper for the employer (though some of the better resourced PR agencies will have purchased office approved kit for their staff) is potentially problematic in relation to two key areas of particular concern to clients: confidentiality and security.
The device may house malware which could infect and disrupt the office network. Then, if the business uses on-premise software applications this will result in data being downloaded and stored on that device.
That gives rise to an obvious problem if the device gets lost or stolen – a more likely occurrence when located away from the office.
One solution is to ensure that the data on the device is automatically encrypted whilst at rest. Far better is the use of cloud based applications accessed by a virtual private and encrypted network, such as Citrix. These usually require two stage authentication to buttress security.
Whichever mode of access is used, make sure that it is authorised under the licence arrangements for the applications.
It may be that remote users are counted as additional users for authorisation purposes meaning that additional charges are payable. Application providers invariably stipulate audit provisions in their terms and conditions which enable them to check up on their customers’ usage arrangements. Expect a spate of these audits post-lockdown!
No lesser authority than the National Cyber Security Centre (NCSC) has published guidance around protecting data where staff are working outside of their normal office environment.
Apart from the technical aspects there are the more mundane considerations.
What if you live in a shared space with (non-familial) house sharers? With an average age of 28, the PR and comms sector remains a young industry so this scenario is likely to be commonplace. The risk of casual leakage of confidential information is real, gleaned from an active screen, an overheard conference call or printed papers.
I have recently been advising a call centre accessed by members of the public subscribing to national magazines. The call centre staff have now been enabled to provide this service from their homes.
They routinely collect and process credit card information from callers – information of great potential value to those in the immediate vicinity with criminal inclinations.
And don’t forget the data protection side of things: careless security on the part of remote staff could create liability for the employer if personal data is inadvertently divulged.
And then of course there are the drawbacks to working from home: loss of those water cooler moments so valuable for camaraderie and morale and occasionally even the catalyst for unexpected opportunities. And as many will admit to, the need for idiot sense checks with an adjacent colleague.
But the Ayes have it for the immediate future, and as is increasingly predicted, for the new normal post lockdown.
Paul Herbert is a partner in the commercial team at London law firm Goodman Derrick LLP.
Photo by Icons8 Team on Unsplash
Remote working, teleworking, WFH – call it what you will – is no longer a Friday or Monday occasional treat.
It’s now the norm and will be for some time to come, at least in the services sector. Evangelists tell us it leads to better engagement, healthier work/life balance and, most importantly for employers, higher productivity and better quality work. But these arrangements entail certain implications and risks.
We know what we need: a laptop or desktop computer and an internet connection. But there it starts: allowing members of staff to connect to the office network with their own devices, while cheaper for the employer (though some of the better resourced PR agencies will have purchased office approved kit for their staff) is potentially problematic in relation to two key areas of particular concern to clients: confidentiality and security.
The device may house malware which could infect and disrupt the office network. Then, if the business uses on-premise software applications this will result in data being downloaded and stored on that device.
That gives rise to an obvious problem if the device gets lost or stolen – a more likely occurrence when located away from the office.
One solution is to ensure that the data on the device is automatically encrypted whilst at rest. Far better is the use of cloud based applications accessed by a virtual private and encrypted network, such as Citrix. These usually require two stage authentication to buttress security.
Whichever mode of access is used, make sure that it is authorised under the licence arrangements for the applications.
It may be that remote users are counted as additional users for authorisation purposes meaning that additional charges are payable. Application providers invariably stipulate audit provisions in their terms and conditions which enable them to check up on their customers’ usage arrangements. Expect a spate of these audits post-lockdown!
No lesser authority than the National Cyber Security Centre (NCSC) has published guidance around protecting data where staff are working outside of their normal office environment.
Apart from the technical aspects there are the more mundane considerations.
What if you live in a shared space with (non-familial) house sharers? With an average age of 28, the PR and comms sector remains a young industry so this scenario is likely to be commonplace. The risk of casual leakage of confidential information is real, gleaned from an active screen, an overheard conference call or printed papers.
I have recently been advising a call centre accessed by members of the public subscribing to national magazines. The call centre staff have now been enabled to provide this service from their homes.
They routinely collect and process credit card information from callers – information of great potential value to those in the immediate vicinity with criminal inclinations.
And don’t forget the data protection side of things: careless security on the part of remote staff could create liability for the employer if personal data is inadvertently divulged.
And then of course there are the drawbacks to working from home: loss of those water cooler moments so valuable for camaraderie and morale and occasionally even the catalyst for unexpected opportunities. And as many will admit to, the need for idiot sense checks with an adjacent colleague.
But the Ayes have it for the immediate future, and as is increasingly predicted, for the new normal post lockdown.
Paul Herbert is a partner in the commercial team at London law firm Goodman Derrick LLP.
Photo by Icons8 Team on Unsplash