Automate Privacy Compliance for Work-From-Home Workers
Coronavirus is on everyone’s mind. Many people are working from home. The work-from-home scenario presents some privacy implications related to: Communication, Devices, Policies and Procedures, Security, and Accountability and Auditing. Businesses will have to build new compliance muscle with work-from-home workers. The appropriate automation must be used to keep up with work-at-home factors.
Difficult or Lack of Communication with Remote Workers
Without the regular communication on site, workers will have to make more decisions on their own, including about the use of data. Without the regular sync of team meetings and one-on-one personal dialogue to give direction, strategies and objectives might not be as clear, and workers might use personal data in ways not otherwise approved. When workers work remotely, an extra effort has to be made at frequent and clear communication, through calls, online meetings, email, etc. With respect to privacy and the use of data, it is important that workers are clearly and consistently informed about what can and cannot be done with data. This starts with the data itself having enough meta data describing its purpose so that workers know how it can be used. Additional training might be needed to drive home any new procedures necessary to ensure privacy requirements are met.
Personal Computers and Other Devices Used More
Along the lines of BOYD, employees who work from home might have to use their own computers, telephones, cell phones, personal networks, etc. to work from home. Aside from the obvious security issues, the normal business privacy safeguards will not be as robust. Workers might decide to download data to their home, personal machines. If they don’t have fast access to on site applications and data stores, they might become frustrated with things like network lag and decide to download datasets to personal machines in order to get work done. Yet the purpose for which the data was originally collected might not allow for this type of transfer and processing.
Data Use Procedures and Policies
Internal privacy policies and procedures might limit what can be done by remote workers. Yet work must get done. So workers might cut corners with data use, not following standard protocols. An example is sending personal data sets through unsecure email. Most privacy laws and regulations require a base level of security, given the purpose of the data. In order to get work done however, workers might be tempted to step outside of standard procedures and violate privacy policies.
Work-At-Home Security Appropriate Given the Purpose of the Data
Part of privacy is security. Security requirements are dictated by the purpose of the data. Data for a sensitive purpose (health care, financial management, genetics, etc.) might require greater security, especially in a remotely-working scenario. Employers should understand the purpose of data processed by or about work-from-home workers to ensure the appropriate security safeguards are in place. Employers can do so by automating privacy compliance with a PurposeGraph around the work-at-home scenario.
Accountability and Auditing
Perhaps the biggest problem with remote work is accountability, or lack there-of. Even on-site, auditing and monitoring can be a challenge. Remote work makes it harder. Without automation, managers have an additional set of things to do to ensure workers are following procedures and policies, and getting work done while respecting the nature of the personal data they are processing.
Areas of Work-From-Home scenario privacy considerations: Communication, Devices, Policies and Procedures, Security, and Accountability and Auditing.