Privacy and Data Protection during Remote Work from Home

Avishay Klein, Masha Yudashkin
Barnea Jaffa Lande & Co.
Contact
LinkedIn
Facebook
X
Send
Embed

Working from home requires heightened attention to compliance with privacy protection and data security laws. The basis for such compliance, inter alia, is the Israeli Privacy Protection Authority’s guidelines, “Emphases for managers and employees when implementing a remote work policy vis-à-vis the organizational network.”

Be Meticulous about Data Security

The transition to remote work from home on a significant scale obligates organizations to take meticulous security precautions with regard to their computer and information systems. Companies should implement the following measures in order to mitigate the risk of data leaks or disruptions to business functionalities:

  • Decide which technological tools, software, and means you wish to make available to employees for the purposes of remote work. Make sure these measures provide the requisite level of data security for the organization’s operations.
  • Provide employees with secure organizational systems enabling video and audio calls, and instruct them not to use their personal accounts when making work-related calls.
  • Implement measures to verify users’ identities, inter alia, through two-factor authentication.
  • Implement measures so that employees are unable to save business data on their personal computers, especially sensitive third-party personal information.
  • Proactively inform employees about the risks of remote work and about the organization’s current work practices. Emphasize the risks of using personal email addresses, external software, and any other means not pre-approved by the organization as providing an adequate level of security.
  • Instruct employees to make sure they work in as sterile an environment as possible, while minimizing any possibility that household members within range of their computers may be photographed or recorded.
  • Instruct employees to actively exit all software and accounts connected to organizational systems and to close their computers at the end of their workdays.

Be Judicious When Engaging with Suppliers

The shift to remote work may trigger an urgent need to engage with various suppliers. Some of these engagements may involve the processing and transfer of personal information, actions that must comply with the provisions of the Privacy Protection (Data Security) Regulations. Within this framework, employers should take the following measures:

  • Analyze the risks involved in engaging with the supplier, in terms of the nature of the service, the information it is processing, and the data security measures it is implementing.
  • Draw up a written agreement with the supplier that specifies its obligations in terms of data processing and requisite data security measures.
  • Prioritize engaging with suppliers with good reputations for organizational data security.

The Privacy Protection Authority recently published guidelines for organizations using outsourcing to process personal information, which may be helpful in this regard.

Be Diligent about Protecting Employees’ Privacy When They Work from Home

If you wish to install technological systems enabling you to monitor employees’ work, it is essential that you thoroughly analyze these systems according to the Privacy Protection Authority’s recently published guidelines on the various aspects of privacy protection when monitoring employees working remotely. Within this framework, we recommend the following measures:

  • Before choosing a means of surveillance, it is important to define the company’s legitimate purpose for the surveillance, in a way that justifies the potential infringement of your employees’ privacy.
  • The selected technological system should minimize infringement of your employees’ rights to the extent possible, considering the purpose of the surveillance. If solutions are available to you that enable surveillance without collecting personal information (such as data aggregation), then these solutions are preferable.
  • You must also consider any possible infringement of the privacy of your employees’ household members. Video or audio surveillance of an employee working at home may also significantly violate household members’ right to privacy. Consequently, avoid such surveillance measures, except in extreme cases when there is a critical need to do so. 
  • It is very important to inform your employees about the surveillance measures you implement. Furthermore, in locations where employees have an expectation of privacy, do not install surveillance devices without their consent.
  • If an employee objects to the collection of personal information during surveillance, consider an alternative solution that fulfills the purposes of such data collection.
  • It is important to protect the data collected through surveillance. Set rules restricting access to data, define retention periods, prohibit their use for additional purposes, etc.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Barnea Jaffa Lande & Co. | Attorney Advertising

Written by:

Barnea Jaffa Lande & Co.
Barnea Jaffa Lande & Co.
Contact
more
less

Barnea Jaffa Lande & Co. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide