Coronavirus is on everyone's mind. Many people are working from home. The work-from-home scenario presents some privacy implications related to: Communication, Devices, Policies and Procedures, Security, and Accountability and Auditing. Businesses will have to build new compliance muscle with work-from-home workers. The appropriate automation must be used to keep up with work-at-home factors.
Withoutthe regular communication on site, workers will have to make more decisions ontheir own, including about the use of data. Without the regular sync of teammeetings and one-on-one personal dialogue to give direction, strategies andobjectives might not be as clear, and workers might use personal data in waysnot otherwise approved. When workers work remotely, an extra effort has to bemade at frequent and clear communication, through calls, online meetings,email, etc. With respect to privacy and the use of data, it is important thatworkers are clearly and consistently informed about what can and cannot be donewith data. This starts with the data itself having enough meta data describingits purpose so that workers know how it can be used. Additional training mightbe needed to drive home any new procedures necessary to ensure privacyrequirements are met.
Alongthe lines of BOYD, employees who work from home might have to use their owncomputers, telephones, cell phones, personal networks, etc. to work from home.Aside from the obvious security issues, the normal business privacy safeguardswill not be as robust. Workers might decide to download data to their home,personal machines. If they don't have fast access to on site applications anddata stores, they might become frustrated with things like network lag anddecide to download datasets to personal machines in order to get work done. Yetthe purpose for which the data was originally collected might not allow forthis type of transfer and processing.
Internal privacy policies and procedures might limit what can be done by remote workers. Yet work must get done. So workers might cut corners with data use, not following standard protocols. An example is sending personal data sets through unsecure email. Most privacy laws and regulations require a base level of security, given the purpose of the data. In order to get work done however, workers might be tempted to step outside of standard procedures and violate privacy policies.
Part of privacy is security. Security requirements are dictated by the purpose of the data. Data for a sensitive purpose (health care, financial management, genetics, etc.) might require greater security, especially in a remotely-working scenario. Employers should understand the purpose of data processed by or about work-from-home workers to ensure the appropriate security safeguards are in place. Employers can do so by automating privacy compliance with a PurposeGraph around the work-at-home scenario.
Perhaps the biggest problem with remote work is accountability, or lack there-of. Even on-site, auditing and monitoring can be a challenge. Remote work makes it harder. Without automation, managers have an additional set of things to do to ensure workers are following procedures and policies, and getting work done while respecting the nature of the personal data they are processing.
Areas of Work-From-Home scenario privacy considerations: Communication, Devices, Policies and Procedures, Security, and Accountability and Auditing.