COVID-19: data protection and remote working
Published On:Tuesday, March 24, 2020
Measures to control and prevent the spread of COVID-19 means more people will be working remotely.
For remote working to be successful, it is important that organisations have effective records management and data protection policies in place to ensure that personal data remain accurate, up to date and secure and with organisations knowing where and with whom their records are held.
To ensure that businesses can run effectively, without additional risk during the pandemic, and to be able to return to normal as quickly as possible once the crisis is over, staff must understand the need to adhere to such policies.
Where necessary your policies and procedures should include:-
Cloud and Network Access
- Seek to use your organisation’s existing trusted networks or cloud services.
- Ensure staff continue to comply with the rules and procedures for cloud or network access, login and, data sharing.
- If any staff are working on standalone systems, without network access, ensure any locally stored data will be securely backed up.
- Make sure that any device has all necessary updates installed, in particular firewall and antivirus updates.
- Use effective access controls and encryption to reduce the risk if a device is stolen or misplaced.
- Ensure the device is used in a safe location.
- Prevent others from using the device or viewing the screen. This is particularly important where sensitive data is processed.
- Lock your device when unattended.
- Make sure your mobile devices are secure when not in use.
- Seek to use work email accounts rather than personal ones for work-related emails involving personal data. If you have to use personal email make sure contents and attachments are encrypted.
- Before sending an email, double check that it will be sent to the correct recipient.
- Sensitive data should be encrypted.
- Where possible avoid removing paper records from the organisation's premises, for example, consider alternatives such as scanning.
- If it is necessary to remove paper records, then maintain logs of what records and files have been taken home and by whom.
- If paper records contain special categories of personal data, such as health data, then extra care to ensure their security and confidentiality will be required.
- Ensure the security and confidentiality of paper records, by making sure they are not left somewhere where they could be read by others, misplaced or stolen, for example, keep the records in a locked filing cabinet or drawer when not in use.