As a result of the current COVID-19 pandemic, many (if not most) employers have directed their employees to work from home. With this in mind, it is crucial for employers to understand that their overriding obligation to provide employees with a safe workplace has not changed.
In circumstances where an employee is working from home, the employee's home becomes their official workplace, and their employer must continue to ensure their safety whilst working within this space. At the same time, employers must be sure to protect confidential information, legitimate business interests and the private data of customers, as well as those within any relevant supply chains.
Holman Webb urges employers to consider the following:
- Employers must ensure compliance with the Work Health and Safety Act 2011 (NSW) by providing employees with a safe work environment. If an employee is working from home (which at present seems to be the most effective means of ensuring the safety of employees), employers have a duty of care with regard to the health and safety of that employee.
It is well established that injuries can arise in the course of employment, despite not occurring in the usual workplace.
- For some employees, the transition to working from home may have been rushed when Australia's social distancing measures first came into force. If they haven't already been introduced, now is the time to implement measures that would have ordinarily been explored prior to allowing employees to work remotely.
Employers should ensure that all employees complete a safe workspace checklist before commencing work from home. Employees should also undertake a risk assessment of the designated workspace before commencing any work from home - for example they should ensure both smoke alarm compliance, and that there is an unobstructed escape plan in place in case of a fire.
Employers should regularly monitor and assess the home workspace wherever possible. This could be done via Facetime, Microsoft Teams or Skype - or by requiring employees to periodically submit photos of their home workspace.
- Employers must ensure that employees who are working from home are doing everything within their power to protect the company's confidential information (as would normally be the case). Employers should ensure that access to company networks is secure and encrypted.
Employers may consider the use of a VPN and/or other strategies, if not already implemented. As employees may be accessing confidential client data, it is imperative that such data is protected and that the employer complies with its privacy obligations. If employees require hard copies of files, they should ensure that confidential information isn't accidently disclosed to others in their household. This may mean providing employees with a lockable filing cabinet or other similar security measures.
- If your organisation doesn't already have one, Holman Webb advises introducing a working from home policy. If there is already a policy in place, as with all policies, it is necessary to both ensure that all employees are familiar with the policy, and undertake relevant training and consultation to ensure full cooperation. Failure to properly implement a policy will effectively render it worthless.
Holman Webb recommends that employers email any relevant policies to employees, and ensure that they are accessible to employees at all times (e.g. uploaded to an internal intranet).
We also encourage employers to provide employees with training relevant to the policy/policies, as well as opportunities to communicate any questions or concerns that they may have.
The Privacy Act 1988 (Cth) does not prevent employees from working from home as a response to the current COVID-19 pandemic, although it is important to remember that the Australian Privacy Principles ('APPs') will continue to apply. The APPs apply to all private sector businesses with an annual turnover of more than $3 million, as well as all Australian private health service providers, government agencies, and a limited range of small businesses.
- The Office of the Australian Information Commissioner ('OAIC') has released guidance on understanding privacy obligations towards staff in light of COVID-19. The OAIC suggests that in order to manage the pandemic while respecting privacy, agencies and private sector employers should aim to limit the collection, use and disclosure of personal information to what is necessary to prevent and manage COVID-19. Similarly, agencies and private sector employees must take reasonable steps to keep confidential information secure.
- Employers must consider similar cyber security measures to those that apply in normal circumstances, for employees working remotely. The OAIC has provided some useful tips to protect personal information when working remotely:
- Increase cyber security measures in anticipation of the higher demand on remote access technologies, and test them ahead of time.
- Ensure all devices, Virtual Private Networks and firewalls have the required updates and the most recent security patches (including to operating systems and antivirus software) and have strong passwords.
- Make sure all electronic devices are stored in a safe location when not in use and logged off.
- Only use work email accounts (not personal accounts) for all work-related emails that contain personal information.
- Do not use public Wi-Fi when accessing confidential or sensitive information.
- Implement multi-factor authentication for remote access systems and resources (including cloud services).
- Accessing and using only trusted networks and cloud services.
- Confidential conversations should be held in areas of your home where there is little interruption or risk of inadvertent disclosure.
- If you suspect your device or data has been accessed by an unauthorised party, or if you lose your device, contact your IT Support Services as soon as possible.
- Keep up to date with the latest advice from the Australian Cyber Security Centre.
Unfortunately, the COVID-19 pandemic has provided an unprecedented opportunity for cybercriminals to scam people out of money, data and access to systems.
With this in mind, while working from home employees should:
- Exercise critical thinking and vigilance when receiving phone calls, messages and emails.
- Exercise caution when opening messages, attachments, or accessing links forwarded by unknown senders.
- Be wary of any requests for personal details, passwords or bank details - particularly if the message conveys a sense of urgency.
If there is any doubt as to the communicator's legitimacy, delay any immediate action, then re-establish communication using alternative contact methods (e.g. LinkedIn, phone or a separate email address).
Tips for working from home during the COVID-19 pandemic
Holman Webb suspects that most employees with the ability to effectively work from home have already been doing so. We encourage employers to take the time to review employee workspaces for any health and safety risks, as well as to put in place any required control measures.
In addition to health and safety control measures, we recommend taking the following tips on board in order to help ensure a safe and successful home workspace:
- Communicate with your employees and coworkers
A key way to avoid both loneliness and miscommunication errors is to schedule regular online video conferences with your teammates. These don't need to be formal conference calls - catching up over coffee or a tea can be beneficial for employees during this time.
- Set work hours
It is important for employers to provide employees with flexibility in relation to their work hours - however, it is just important that employees have a healthy work schedule that allows them to work at maximum capacity without negatively impacting their home life. Encouraging employees to maintain healthy work hours will play a significant role in preventing mental exhaustion.
- Go outside
Employers should encourage employees to go outside and get fresh air during breaks. To maintain the current working conditions over the next few months, it is important that workers take short breaks and exercise regularly. Again, this is a vital factors in maintaining employee mental health.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.