For most businesses, flexible working includes working remotely. Working remotely or working from home requires a plan to ensure privacy obligations continue to be met.
COVID-19 has created unprecedented working situations, with many employees being required to work from home at short notice. This article sets out some simple practices that you and your employees can implement at home, to ensure privacy standards are maintained.
Separation is key
If possible, your living space and workspace should be kept separate. Aside from your physical environment, this may include having a separate computer or laptop for work.
In a situation where physically meeting clients is not possible, it is important to have a space in your home where you can discuss matters with your clients privately and confidentially. Provided you are using a private space, options for confidential discussions may include Skype, Zoom or the telephone. Zoom's new password function is a welcome addition.
Files and documents
All business and client files and documents should be kept secure, both physically and electronically. Documents should not be taken into your living space, left in your car or left near windows where they may be visible.
Confidential documents or documents containing individuals' personal information should not be thrown in the rubbish or recycling where they could be accessible to others. Documents should be shredded before being disposed of. We suggest keeping a separate wastepaper box for work documents which can be taken to the office for disposal, after the lockdown, in accordance with your business's practices.
There are several security issues that need to be addressed when working on a computer from home. Most businesses will have implemented security measures already. These may include using security programmes, antivirus software and passwords; two-factor password authentication should also be considered by businesses if possible.
Some simple steps you can take at home include never leaving your computer "logged on" and ensuring you update programmes and back up regularly. You need to be extra vigilant when sending passwords and confidential documents electronically. We recommend turning off "autocompletion" in Outlook to reduce the risk of sending an email to the wrong person.
If you are concerned that your business' or clients' privacy may have been breached, notify your business' Privacy Officer (or appointed person) immediately. They can then notify your business' insurer and any other relevant body, such as the New Zealand Privacy Commissioner.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.