Many employees are now forced to do their work from the home office. Data protection in the home office must not be neglected.
What do your employees need to be aware of when it comes to data protection in the home office?
- Make sure nobody else sees the personal data you use. Don’t leave prints on the desk and don’t talk sensitive details on the phone while family or neighbours are listening.
- Avoid hard copies where practical. Where paper is unavoidable, store personal data in a separate, lockable room or at least in a lockable cabinet.
- Do not use IT equipment provided by the employer for home office work privately.
- Children are not allowed to use the company PC or notebook for homework or other activities.
- Don’t forward business email to your personal mailbox.
- Don’t use a private Memory Stick for business data. Make sure your business memory sticks are encrypted.
- If documents containing personal data, e.g. printouts used for one’s work, have to be destroyed, this must be done in accordance with data protection regulations. Printouts containing personal or sensitive data must be shredded.
The employer also has duties to ensure that working and data protection in the home office is successful.
- Provide computers and ensure hard drive encryption. Using the private equipment is a security risk.
- If the client passes on a USB stick, this must also be encrypted.
- Make sure to use state of the art software for data transimssion.
- Do not allow unprotected remote access to the Company Network. Make sure to use a VPN connection.
- The company’s Internet connection must be able to cope with the sudden high demand. Testing the load capacity of your Internet line is therefore recommended.
- Make sure to impement clear policies about personal data use. This is essential to allow safe work at home.
- Ensure that created printouts containing personal data are destroyed. If possible, a shredder should be provided for the home office.
Establish policies on how your employees must handle personal data. Keep them in writing and preferably get a signature (even if it’s just in the form of a photo via cell phone). Keep in mind that it is you, the business owner, who suffers the damage to your image and has to pay the penalty in the event of a violation.
Ing. Andreas Schindler, data protection expert