COVID-19 revolutionized the need for remote work by employees. And the trend toward working remotely will likely continue after the outbreak is a distant memory. However, the privacy and cybersecurity implications surrounding these remote workers are often unknown or ignored. So now what? With more of your employees working off-site, how do you protect your company against privacy violations of state, federal and international law?

The first step is to review your privacy policy.  Is it too lax?  Is it too strict?  Either extreme creates its own issues such as inefficiency for remote workers or potential data breaches.  The policy must contain clear penalties for violations.  Violations must be tracked and the penalties enforced for the privacy policy to fulfill its purpose.

The second step is to make sure that every employee, vendor and client is aware of the privacy policy and, where appropriate, commits to the privacy policy with either a physical or digital signature. These acknowledgements must be stored and organized by privacy policy version. As the privacy policy is amended from time to time, it is important to determine whether an additional acknowledgement is required from your employees, vendors and clients.

The third step is to train employees on how to abide by the privacy policy. A policy is useless if no one understands it or if employees are unsure how to apply it to their employment duties. With remote workers, this becomes even more critical, as data that may permissibly be left on a desk or sent in an email on a secure network may not be appropriate in a remote working environment. Remote workers need to use Virtual Private Networks (VPN) to access company systems. Companies should verify that each remote worker is using a VPN while working remotely.

The final step requires taking a second look at your data, the processing of the data and specific business sector regulations such as the Gramm-Leach-Bliley Act in the financial sector. During this review it is important to identify new risks posed by remote workers. One way of achieving this review is to either assign or hire a Chief Information Officer (CIO) to coordinate and stay abreast of the latest trends and developments.

Another aspect of cybersecurity and privacy that must be evaluated and implemented wherever possible is Privacy Enhancing Technology (PET).  These various technologies (there are five) allow for a greater use of data while removing all identifiable information and resisting attempts to reconstruct personal information by combining an anonymous data set with a data set that “decodes” the first set, such as Census data or voter registration databases.  More information on PET can be found here

Published by Julie D. Blake

Julie D. Blake, Counsel. Ms. Blake joined Pastore & Dailey LLC in 2013. Prior to 2013, Ms. Blake worked at national and regional law firms and even operated her own rural law office for five years. Her twenty years of experience in business and commercial litigation, paired with a new focus on pragmatic cybersecurity and privacy law services, is a unique combination of skills. Ms. Blake earned a B.A. in history at the University of Virginia in Charlottesville, Virginia and a J.D. from Suffolk University Law School in Boston, where she was a McLaughlin Appellate Advocacy Competition winner. She expects an LLM in 2021 from Drexel University School of Law in Cybersecurity and Privacy Law.
