‘Remote working’ means working from a location other than your base location. Many people think this simply means using a desktop at home, but it means much more than that and includes e.g. using a laptop on a train or in a café and using a smartphone in the street.
Remote working is now commonplace, but unfortunately issues of data protection are often overlooked, creating unnecessary risks that can and sometimes do result in fines and/or loss of reputation, staff being disciplined and/or losing their positions and the people whose personal information has been compromised being distressed and/or harmed.
Case study 1: A4e
An employee took home his work onto which he had downloaded sensitive information about 24,000 clients. Details included full names, dates of birth, postcodes, employment status, ethnicity and income level. Although key codes were used for some of the more sensitive data, unfortunately the codes were explained in a document also saved on the computer.
This employee’s home was burgled and his laptop was stolen, resulting in A4e being fined £60,000.
Case study 2: Aberdeen City Council
Working at home, an employee, using her own PC that she has bought second hand, accidentally uploaded onto a website documents which related to her work that contained sensitive personal data.
A national newspaper became aware of this through a tip-off and published a story about it, resulting in Aberdeen City Council being fined £100,000.
In both of these cases:
- There was a data security breach arising from people working remotely
- The employer was legally responsible for the security breach
- The employer suffered a substantial fine
There are a number of ways in which employers that permit their employees to work remotely can reduce the risk of a breach of data security.
For more information about data law compliance and risk management call 07902 395989.