For companies which have Work From Home (WFH) arrangements, there would inevitably be access, processing or transfer of office data and documents through employees’ home networks and employees’ own devices, which would increase the risk to data security and personal data privacy.
However, the same standard of personal data privacy security and protection applies irrespective of whether there are WFH arrangement or not.
As suggested by the Personal Data Privacy Commission, companies with WFH arrangement should adhere to the following principles:
1) There should be clear data (including personal data) handling policies in place
2) The company should take all reasonable practicable steps to ensure data security, especially when data and documents are transferred to staff
3) Unnecessary data and materials should be erased and destructed
4) There should be policy in place to response to data breach incidents.
Companies should review and adjust their data protection policies on a regularly basis and keep their staff abreast and well informed of the policies and the consequences for not complying with the policies.
For electronic devices like mobile phones, notebooks provided by the companies to staff for the WFH arrangement:
1) There should be regular system update for the devices
2) All work-related information in the devices are encrypted
3) There is remote wipe function so that information in the devices can be erased if the devices have been stolen or lost
4) Use of strong passwords, requiring a regular change of passwords to tighten access control
Companies should also have VPN (Virtual Private Network) to enable staff to access corporate networks remotely and securely through the internet. Examples to ensure the security of VPN:
1) The use of multi-factor authentication for connecting to the VPN
2) Keep the security setting of the VPN platform up-to-date
3) Blocking connection from insecure devices
For legal advice or services on corporate and commercial matters, please contact CHOW & CHEUNG, Hong Kong Solicitors & Notary Public. [Tel: +852 2856 3799 Email: firstname.lastname@example.org]
The above contents do not constitute legal advice and it should not be regarded as a substitute for detailed advice in individual cases. Transmission of this information is not intended to create and receipt does not constitute a lawyer-client relationship between Chow & Cheung and the user or browser. Chow & Cheung is not responsible for any third party content which can be accessed through the website.