How has the Pandemic’s Seismic Shift to Increased Remote Work Affected Privacy?
A recent poll by a global market research and public opinion specialist – IPSOS, revealed that approximately 36% of people who worked from home during the pandemic anticipate a return to their offices on a regular basis in the near future. This means that more than half of paid employees expect a work-from-home environment to be their new normal at least in the short term. For many organizations/institutions, the transitions toward work-from-home structures means employers have had to create additional privacy policies/procedures or amend existing ones. As more work-from-home job options for employees are created, elevated levels of concerns arise regarding safeguards for both client/customer privacy and employee privacy including proper use/storage of client personal information, wider scope of employee monitoring, safety of work devices and safety of internal work communications.
From purchase order patterns to credit card information to home addresses, clients’ personal information is collected, used and disseminated by organizations/institutions regularly. Employee records such as payroll information, attendance reports, formal and informal personnel files, resumes, records of web-browsing, discipline notes, sick notes and evaluations also circulate within workspaces as needed.
To protect clients’/customers’ personal information, organizations should require employees to use strong remote access controls such as multi-factor authentication, a Virtual Private Network (VPN) with end-to-end encryption and a secured WiFi. In addition, staff should obtain permission before installing any non-approved software/apps. Though not recommended, if employees are required to use their personal devices for work, employers should remind them of safe privacy practices. Regarding home workspaces, the Information and Privacy Commissioner of Ontario advises employers to remind their staff to set up private workspaces where private information, conversations and meetings can be properly safeguarded. For more tips, see our blog, Working from home.
The Office of the Privacy Commissioner of Canada instructs organizations to consider the privacy rights of its employees when monitoring their work at home. This is important because, if not implemented properly, digital surveillance of employees can lead to heightened stress levels, reduced autonomy and creativity and mental health effects. Regarding safeguarding employee personal information in a work-from-home context, the Information and Privacy Commissioner of Ontario encourages organizations to remind staff that office and security policies also apply in a work-from-home context and staff need to report any security breach incidents immediately.
Furthermore, a longer-term work from home strategy should be created by organizations and include monitoring and evaluating effectiveness of access and privacy in a remote context, an update of corporate files and secure records keeping. As more employers shift toward increased remote work arrangements and use of monitoring technologies in this digital world, the privacy authorities have called on governments to develop or strengthen laws to protect privacy. They have also asked employers to be more transparent and accountable in their workplace monitoring practices.