Summary

As the Covid-19 Pandemic forces more employees than ever before to work from home (“WFH”), businesses face new and different data privacy and security risks. This change is not lost on U.S. regulators, but it does not mean that businesses will get a pass on data privacy and security issues potentially caused by the shift in working conditions. In an effort to help businesses navigate these new circumstances, BCLP has prepared a series of articles on addressing data privacy and security issues in a WFH environment.

As discussed in our article on incident response planning,^[1] companies now need to be prepared to address security incidents in a work from home environment. But, companies also need to be prepared to address security concerns even before an incident requiring the IRP occurs. To address that need, here are some topics to discuss with your technology/security team:

• Patching. Within the office, patching devices connected to the local network can be accomplished relatively easily. With everyone dispersed, your IT team may need to think creatively to get critical patches distributed to employee devices.
• Updating Procedures. Your IT personnel know what works and what does not work within your company’s information systems. At this point, they also know how working from home has affected systems and procedures, and they likely have a plan to address these changes. Companies should talk with their IT teams about how best to update their policies to address the current environment.
• IT Support for Employees. After rolling out new patches or updating IT policies, the next phase is to ensure that IT personnel are available to help the employees implement the policies or troubleshoot the patches installed on their computers. This means increasing IT employee coverage immediately after changes or patches are rolled out since so many employees are dealing with these issues for the first time on a work from home basis.
• WFH Compliance Trainings. Many companies have a minimum number of privacy and security focused compliance trainings each year to keep their employees sharp on the privacy and security aspects of their work. After the initial frenzy to adapt to working from home, many folks in compliance positions are left trying to complete yearly privacy and security trainings. BCLP attorneys can provide data privacy and security trainings remotely including tabletop exercises, introductory trainings, and training of focused topics. BCLP attorneys can also host data privacy and security trainings for your organization’s employees allowing you to continue focusing on adjusting to working from home.

This article is part of a multi-part series published by BCLP to help companies understand and cope with data security and privacy issues impacted by the Covid-19 Pandemic.  You can find more information on specific data privacy and security issues in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.

^[1]           [https://www.bclplaw.com/en-US/insights/work-from-home-cybersecurity-basics-incident-response-planning-in-a-wfh-environment-united-states.html]