One of the key principles of GDPR is the security principle, which builds on the requirement in the legislation's predecessor (the Data Protection Act 1998). The principle requires that ‘appropriate technical and security measures' are in place. In short, this means organisations have to look after the data that they process.
Remote working poses a number of challenges, including maintaining control over the data that organisations process. If it’s not managed effectively, the security of personal data might be compromised.
While data breaches caused by remote working are rare, they can unfortunately be serious. The impact on individuals can be significant, especially where you’re working with sensitive or ‘special category’ data. Disclosure of this information could cause distress to the affected individual or even material damage in certain cases.
For example, if someone’s data is compromised, this could make it possible for another individual to commit fraud using their personal details. Data breaches can also be damaging to the organisation responsible in terms of fines or reputational damage.
Top tips on information security during remote working:
- Handle personal data as carefully as you would in your usual workplace.
- Ensure that you lock your computer and don’t leave devices or papers unattended.
- Be aware of your surroundings. Can family access, view or overhear anything sensitive?
- Store personal data securely when not in use.
- Raise awareness within your organisation about the risks to data when working remotely and consider providing additional training of staff members.
- Don’t send any work to or from your personal email address.
- Use headsets or headphones during Skype meetings or phone calls to prevent family or neighbours overhearing something sensitive.
- Avoid leaving drinks or food on or near paperwork, tablets or laptops – if it spills it could destroy information that you need.
- Don’t throw paper files with personal information in your rubbish or recycling bin. Shred with a cross-cutting shredder, or keep it securely until it can be returned to the office to destroy safely.