There is an ever-increasing rise in the number of workers who spend all or part of their working time away from their employer’s premises, usually from home. This practice has benefits for both parties. Employers may be able to save on expensive office space by reducing the number of employees permanently based in the office, while employees can save significant commuting time thus contributing towards a better work/life balance and can benefit from fewer interruptions than in an office environment.
However, working away from the office is not without risk, and HR professionals should bear this in mind when putting in place arrangements for home working. One of the key areas for consideration is how to protect the employer’s confidential information, which will, entirely legitimately, be used outside its own premises. Confidential information can be contained on a laptop or a USB stick, or in paper format.
The answer, as in many employment-related situations, is to have the correct policies in place and then make sure they are followed.
Workers should be informed that they are responsible for ensuring the security of all information they take outside the employer’s premises. Simple obligations such as the need to keep data with them at all times when travelling (ie not left unattended in a car) and to ensure that they are kept in a secure place if taken home or to another location should be made explicit. Some employers will prohibit or seek to discourage the removal of paper documents from the office environment as the risk of inadvertent loss is considered to be greater.
Another factor that may not appear obvious is seeking to control the access that others within the employee’s home may have to the employer’s data. The current High Court dispute between Sir James Dyson and his former house manager regarding confidential information to which she had access during the course of her employment is a demonstration of the potential risk posed by cleaners and nannies who may have access to the place where the employer’s data is kept. A more frequently experienced example is a worker who leaves documents visible on a coffee table when their friend visits.
In that situation, the employer may wish to consider including within its home working policy an obligation on its workers to actively ensure that other members of their family and/or their friends or employees are not able to see the content or have any access to the information belonging to the employer.
Given the seriousness with which an employer is likely to regard a loss of confidentiality in its data, and the potential for this to amount to a data breach, the home working policy should spell out that failure to adhere to the terms of it is likely to amount to a disciplinary offence, which, in suitable cases, may be considered to be gross misconduct.
Clare Waller is a partner at Hewitsons Solicitors