Employers need to be aware of increased threat of data breaches from homeworking


18th September 2020

Kate Wyatt, Partner in Lindsays’ Employment team, issues a ‘take action now’ warning as she says businesses cannot afford to ignore dangers with regulator unlikely to continue to make allowances because of the coronavirus crisis.

The warning comes as businesses face the prospect of huge numbers of people continuing to work from home for the foreseeable future as part of Covid-19 protection measures.

Kate advises that employees must be reminded of their obligation to ensure that confidential data is not disclosed, with training and the proper remote IT access security infrastructure put in place where needed.

Unintended potential risks can come from visitors to their home or those they share properties with simply seeing information on computer screens or from paperwork sitting out.

Data protection breaches can be met with financial penalties or sanctions from the Information Commissioner’s Office (ICO).

Kate said: “The potential increased threat of data breaches from home working is a real one, which businesses cannot afford to ignore. The nature of how we went into lockdown means this may have been overlooked as employees moved out of offices, but with home working a long-term - or permanent - prospect for a great many, employers need to take hold of this issue immediately.

“As home working becomes more normalised, I doubt the ICO will look any differently at breaches because of the circumstances in which it started. They will simply ask why employers have not got their house in order. The ICO undertook in April to adopt a ‘pragmatic and empathetic’ approach to compliance because of the exceptional circumstances. As time goes on, and with home working set to continue, the circumstances are arguably no longer exceptional.

“It’s important that employers show that they have taken all reasonable steps to stop data breaches from happening. They must remind employees about the need for IT and physical security.”

GDPR sets a maximum fine of almost £18m or four per cent of a company’s annual global turnover – whichever is greater – for infringements.

Confidentiality is one of a number of key areas in which employers must take action amid increased home working. Others include monitoring performance management and working hours.

Kate Wyatt said: “The changing work environment will alter the way that many companies have to manage performance. For organisations which do not have KPIs in place, they are going to have to think about how they assess performance with a greater number of staff working from home.

“Businesses were too busy firefighting a lot of ramifications of home working as we went into lockdown, but that does not remove the obligations they have to their staff. They have to consider these issues before problems arise rather than just as they happen.”

Kate Wyatt
Partner, Employment Law
01382 317182

Back to news