News & Blog

Read the latest business news, blogs and thought leadership articles from our members, as well as updates on the Edinburgh Chamber of Commerce's work in the city.

News & Blog

Employers need to be aware of increased threat of data breaches from homeworking

Posted: 17th September 2020

Kate Wyatt, Partner in Lindsays’ Employment team, issues a ‘take action now’ warning as she says businesses cannot afford to ignore dangers with regulator unlikely to continue to make allowances because of the coronavirus crisis.

The warning comes as businesses face the prospect of huge numbers of people continuing to work from home for the foreseeable future as part of Covid-19 protection measures.

Kate advises that employees must be reminded of their obligation to ensure that confidential data is not disclosed, with training and the proper remote IT access security infrastructure put in place where needed.

Unintended potential risks can come from visitors to their home or those they share properties with simply seeing information on computer screens or from paperwork sitting out.

Data protection breaches can be met with financial penalties or sanctions from the Information Commissioner’s Office (ICO).

Kate said: “The potential increased threat of data breaches from home working is a real one, which businesses cannot afford to ignore. The nature of how we went into lockdown means this may have been overlooked as employees moved out of offices, but with home working a long-term – or permanent – prospect for a great many, employers need to take hold of this issue immediately.

“As home working becomes more normalised, I doubt the ICO will look any differently at breaches because of the circumstances in which it started. They will simply ask why employers have not got their house in order. The ICO undertook in April to adopt a ‘pragmatic and empathetic’ approach to compliance because of the exceptional circumstances. As time goes on, and with home working set to continue, the circumstances are arguably no longer exceptional.

“It’s important that employers show that they have taken all reasonable steps to stop data breaches from happening. They must remind employees about the need for IT and physical security.”

GDPR sets a maximum fine of almost £18m or four per cent of a company’s annual global turnover – whichever is greater – for infringements.

Confidentiality is one of a number of key areas in which employers must take action amid increased home working. Others include monitoring performance management and working hours.

Kate Wyatt said: “The changing work environment will alter the way that many companies have to manage performance. For organisations which do not have KPIs in place, they are going to have to think about how they assess performance with a greater number of staff working from home.

“Businesses were too busy firefighting a lot of ramifications of home working as we went into lockdown, but that does not remove the obligations they have to their staff. They have to consider these issues before problems arise rather than just as they happen.”

Kate Wyatt

Partner, Employment Law

01382 317182

Business Comment

Business Comment is the Edinburgh Chamber of Commerce’s bi-monthly magazine. It provides insight on Edinburgh’s vibrant business community, with features on the city’s key sectors, interviews with leading figures and news on new business developments in the capital.
Read more here