I wonder how I ensure employees working from home are adhering to confidentiality obligations
- Author: Dereen Kakabra
The outbreak of COVID-19 in 2020 led many workplaces to adopt hybrid working arrangements, which are now the norm for many organisations. This shift offers numerous benefits, including increased flexibility, enhanced staff retention and cost savings for both employers and employees. However, it also introduces risks, particularly when employees handle confidential and sensitive information. It is therefore imperative for employers to implement effective measures, policies and procedures to mitigate risks and clearly outline expectations for employees handling sensitive information. Managing remote employees effectively will ensure they are adhering to confidentiality obligations. Some of the practical steps are highlighted below.
Legal Considerations
While employees should already understand the importance of handling sensitive information carefully, it is undeniable that remote working arrangements increase the risk of confidentiality breaches. Employers need to be aware of these risks to ensure steps are taken to protect sensitive data and minimise the risk of breaches.
With remote working, employees are exposed to situations where confidential information can be misused, especially where family members present at home could unintentionally overhear sensitive information. Whilst a level of trust exists here, employees should take reasonable precautions to protect sensitive data and adhere to confidentiality obligations.
A breach of confidentiality can result in significant consequences for both the employer and employee. Consequences for the employer include personal data breaches, publication of commercially sensitive information, damage to reputation, financial penalties and lack of trust and confidence. Consequences for employees include disciplinary action, up to and including dismissal.
Practical Steps to Protect Confidential Information
Employers must implement measures and enforce them to reduce the risk of data breaches. Employers can consider the steps below to achieve confidence in hybrid working arrangements and ensure employees are aware of their obligations and duties when dealing with confidential information.
- Employment Contracts
It is important that employee duties and responsibilities are made clear from the outset, prior to commencement of their employment. Employment contracts should therefore explicitly outline confidentiality obligations and the consequences of breaching them. These provisions in the contract should define what constitutes confidential information and remind employees of their ongoing responsibilities. It should also be made clear that these obligations extend even after termination of employment. The employment contracts for employees who work from home could contain additional confidentiality provisions, such as that they will securely store any documents containing confidential information and will not allow members of their household to use company equipment.
- Policies and Procedures
Having up-to-date policies further helps to reduce the risks of potential leaks of confidential information. Employers should pay particular attention to those policies that address remote working and those containing provisions relating to confidential information. These policies should specifically be brought to the attention of the employee and circulated amongst all staff. It may also be practical for employees to confirm they have read these policies before being permitted to work from home so that there is confirmation that the employee understands their obligations.
- IT Equipment
Employers should provide secure IT equipment with encryption and security software, along with regular training on its use to further enhance understanding and the handling of confidential information. Conditions like using privacy screens, headphones, and VPNs can enhance security when working from home. For example, the employer could require employees to use headphones when conducting client meetings and calls to reduce the risk of family members and others overhearing sensitive information. Additionally, employees may be advised to avoid working in public spaces or near family members where possible.
- Training
The Financial Conduct Authority (FCA) recommends that firms ensure hybrid working arrangements address data and cyber risks. To ensure compliance with such obligations, regular training sessions will help employees understand the importance of confidentiality and how to protect and handle sensitive information. Scenario-based exercises on security risks and cyber threats can prepare employees to identify and respond to potential issues, and these can form part of the employee’s induction process to highlight its importance.
- Defined Workspaces
Assessing employees’ home workspaces can ensure they are suitable for handling sensitive information. Where the employee needs to take files and client information home, further training should be provided on the handling of such files and their safekeeping. For example, employers can provide secure storage containers to store documents and files outside the office.
- Ringfencing and Regulatory Requirements
Sensitive information can be ringfenced within systems, limiting access to only those who need it. This will minimise the likelihood of a data breach.
While hybrid working offers many advantages, it also requires additional safeguards to protect sensitive information. Employers must establish clear policies, provide appropriate training and equipment and foster trust with remote workers. Taking these steps not only minimises risks but ensures a more efficient and secure work environment for everyone.
If you have any questions about your responsibilities as an employer, or if you would like help amending your policies, please get in touch. Our Employment Team can be contacted by emailing employment@warnergoodman.co.uk or by calling 023 8071 7717.