Remote Working: Briefing Note - March 2020

Remote Working: Briefing Note - March 2020's Tags

Tags related to this article

Remote Working: Briefing Note - March 2020

Published 30 marzo 2020

Together, we are all facing many challenges as we adapt to new ways of doing business. Handling information, both ours and our clients, is what we do on a daily basis. DAC Beachcroft Dublin has been fully agile for some time and we have clear policies and procedures in place to make sure that the confidentiality, integrity and availability of our systems and the information that we hold remain secure in accordance with our legal and regulatory objectives. 

We understand that many of our clients have questions about remote working and we want to share our knowledge with you. We are working with our clients to ensure that their data governance, security and breach response processes are still fit for purpose at this challenging time, when it is easy to slip into bad practices. For example, the following behaviours are often seen when people are facing challenges to get things done when away from the office:

  • Sending confidential documents to personal email addresses when work systems fail or are not available;
  • Taking documents home from the office and then keeping them with insufficient shredding or confidential waste disposal systems;
  • It may be difficult to avoid family members or housemates inadvertently overhearing confidential telephone conversations.

It has never been more important to have clear, transparent and easily accessible polices in place. Employees need to be reminded of good information security practices and their obligations to report any security breaches to you promptly so that you can assess whether the breach is reportable to the Data Protection Commission (DPC). Statutory timescales have not been extended and as such the obligation to notify the DPC, where feasible, of certain breaches within the 72 hour statutory timeframe remains.

If you do suffer a breach, our Breach Response team has extensive experience of advising clients in relation to data breaches in a range of industry sectors. We have guided clients through a number of high profile and complex data breaches, frequently with an international dimension, and involving  extortion, ransomware, wire transfer frauds, financial recoveries/ and Norwich pharmacal orders. To receive advice on a breach you can contact our dedicated 24/7 breach response service hotline +353 (0)1 231 9602 or email our Breach Response Team through our dedicated email address DataRisk@dacbeachcroft.com.

Below are some tips that will help you ensure that the personal data you process is kept safe when working away from the office.

Devices

  • Keep devices secure and avoid leaving in cars or beside open windows etc;
  • Ensure all security is up to date;
  • Continue to lock your device if you do have to leave it unattended for any reason and turn off, lock and store your device safely after use;
  • Use effective access controls (such as multi-factor authentication and strong passwords) and, where available, encryption to restrict access to the device;
  • When a device is lost or stolen, take steps immediately to ensure a remote memory wipe, where possible and notify your Data Protection Officer.

Emails 

  • Make sure that employees are familiar with your email policy;
  • Continue to use work email accounts rather than personal accounts for work-related emails. If you have to use personal emails make sure the contents and attachments are encrypted;
  • Avoid using personal or confidential data in subject lines;
  • Before sending an email, double check to make sure you are sending it to the correct recipient;
  • When emailing a password protected document always ensure that the password is sent separately to the attachment, ideally by another means of communication (e.g. by phone).

Cloud and Network Access

  • If possible only use your organisation’s trusted networks or cloud services, and ensure you comply with internal rules about network access, login, data sharing;
  • If you are working without cloud or network access, ensure any locally stored data is adequately backed up in a secure manner.

Paper Records

  • Where possible, agree that all communication can be sent electronically;
  • Keep a written record of what records and files have been taken home;
  • If post is necessary, double check the recipient’s name and address and retain an electronic copy for your file;
  • Request confirmation of safe receipt from the recipient and it if it not received consider whether notification to the DPC is required;
  • Limit the amount of paper files but where they are necessary ensure that they are stored safely and securely, preferably in a locked fling cabinet or room;
  • Make sure that files are disposed of correctly and, in particular, that you continue to shred confidential documents;
  • If you are dealing with records that contain special categories of personal data (e.g. health data) you should take extra care to ensure their security and confidentiality, and only remove such records from a secure location where it is strictly necessary to carry out your work.

Electronic Signatures

  • Treat the scanned copy of your personal signature in the same way as your wet ink/personal signature. Do not ask anyone to insert your signature for you - if someone is sending a letter on your behalf then they should PP it;
  • Consider regulatory requirements - the relevant supervisory authority may be required to agree to the execution of the document in an electronic form;
  • Board minutes and resolutions can be signed electronically, but you should check constitution documents to confirm that there is no restriction on this;
  • If a signature has to be witnessed consider if the witness must be physically present for a signature to be validly witnessed i.e. not witnessing by Skype.

Instant Messaging

  • Make sure all employees are familiar with your social media policy. Employees should be aware that sending emails or instant messages on the firm's systems may be accessed by others.  Private messages do not excuse poor conduct;
  • No matter what the communication - if in doubt, don't send it! Once something is sent or posted online it is very difficult to get it back;
  • Always consider who might be around and could overhear your conversations, particularly when you are house sharing.

If you require any further assistance on the above please contact Rowena McCormack on 01 231 9628 or Aidan Healy on 01 231 9669.

Key Contacts

Rowena McCormack

Rowena McCormack

Dublin

+353 (0)1 231 9628

Aidan Healy

Aidan Healy

Dublin

+353 (0)123 19669

< Back to articles