How to make homeworking work

‘Homeworking’ is a major talking point for business owners and senior leaders right across the UK. Many are switching their attention from remote working being a reactive solution for lockdown, to it becoming a strategy that could benefit their companies in the long-term.

For homeworking strategies to be successful, businesses must build these around data protection and security measures, as well as adapting policies to reflect changing employment laws.

Information and employment law experts Daniel Milnes, Bethany Paliga and James Barron at Forbes Solicitors have co-authored an essential guide to homeworking and the law. They explain why companies must prioritise the management of information alongside employment terms and conditions.

Daniel Milnes said: “Five important areas differentiate the practicalities of working from home and remotely, to that of being an employee who works purely in a fixed, managed environment such as an office. In each of these five areas, the handling of information and how staff complete their work duties are extremely closely linked and present new risks that need to be carefully managed to protect workers, as well as the interests on the business.”

The five key areas include:

Management and supervision of employees Teamworking and how staff interact with colleagues Employee monitoring Accessing information Handling information

James Barron commented: “Homeworking and employee productivity are often mentioned in the same breath, with concerns raised about how businesses can ensure remote workers are performing at the right level and doing what they are supposed to be doing. New management processes will then be considered that effectively monitor employee actions, but these need to ensure they respect the privacy of workers. It’s important that homeworking policies strike a clear understanding with homeworkers about what’s expected of them in terms of their roles and responsibilities, and how data associated with this will be recorded and processed.”

Daniel Milnes added: “The European Union’s General Data Protection Regulation (GDPR) provides a regulatory framework for how personal data is collected, handled, stored and retained for future use by organisations and is applied with modifications in domestic law across Brexit by the Data Protection Act 2018 (DPA). Part of this Regulation means that individuals, such as employees, have a right to know which organisations hold their personal information, why and how it is being used.”

Zooming-in on video conferencing

A notable homeworking trend from lockdown has been the boom in video conferencing, with the popularity of Zoom in particular surging. Recent reports value the platform’s stock as being more valuable than long-established behemoths IBM and Boeing. The growth in video conferencing epitomises the need for careful management of homeworkers using these platforms.

Bethany Paliga explains: “If companies opt to use a platform such as Zoom and request that employees join video conferences, a business could find it becomes liable for how the video conferencing provider uses and shares employees’ personal information. If a member of staff was dissatisfied with this or felt compromised because of this, they could potentially bring a claim for damages against their employer.”

Further risks of homeworkers using video conferencing platforms arise from malicious users hacking calls to access confidential business information. This could leave the company which organised the conference facing liability for a data breach in relation to personal information or a claim for breach of confidentiality.

Protecting personal devices

Another key consideration for companies considering homeworking is employees using personal devices. The need to quickly react to lockdown and adapt to widespread disruption saw many companies embrace a trend of ‘Bring Your Own Device’ (BYOD). This is where a company permits staff to use their own computers, tablets, smart phones etc to complete work duties.

While BYOD can provide companies with numerous efficiencies and avoid a significant capital outlay, businesses must consider the suitability and security of personal devices.

Bethany Paliga commented: “Irrespective of who owns the computer or smart phone, a company remains responsible for the security of information processed via the device when it’s used for work purposes and with the knowledge of the business. If employees are working from home and using their own devices, businesses need to ensure they have policies and processes in place to maintain device security and which govern how information is accessed. They will also need to make provisions for loss, theft and failure of devices.”

James Barron added: “Employers need to plan ahead to have a way to deal with information on a BYOD device if employment comes to an end or the employee is suspended. This is another element of the relationship that works very differently outside of the office environment.”

Take control through assessment

A Data Protection Impact Assessment (DPIA) should form a starting point for companies considering homeworking. It provides a level of due diligence that will identify key risks to employees and businesses from the exploitation of data.

Daniel Milnes concludes: “A DPIA can help ensure compliance with the Data Protection Principles and GDPR. The assessment identifies problems early on such as home network and personal device vulnerabilities, and how employees will access and process information. This helps companies to find the best equivalents to the security and processes they typically rely on in the office environment and extend these to employees’ homes and remote places of work.”

The importance of a DPIA as well as other key topics about employment law and information security following the pandemic-driven shift to home and remote working are covered in the book; COVID-19 – Homeworking and The Law – The Essential Guide to Employment and GDPR Issues, http://www.lawbriefpublishing.com/product/covid-19andhomeworkinglaw/