The inadvertent risk of home working to employers
The March 2020 Government announcement that employees should work from home in response to the COVID-19 pandemic markedly changed the working environment. In response, many employers hurriedly put in place arrangements to enable employees to work from home where possible, in order to save lives (and rightly so). However, in providing unfettered home access to confidential clients lists and other “crown jewels”, many employers have found themselves inadvertently exposed to an epidemic of other sorts; theft of confidential information and trade secrets by employees working from home.
Lawyers and forensic IT investigators have noted a significant and ongoing trend of increasing numbers of employees stealing confidential information and trade secrets whilst working from home. From my perspective, I believe this is driven by a combination of four key factors:
As a minimum, employers should have in place comprehensive contracts of employment that protect confidential information, require employees to return confidential information on request and in any event on termination and require employees to comply with the IT security policy. The IT security policy should be signed by the employee and should include important prohibitions on things like sending information or documents to a personal email address or downloading it to a USB. The current most popular method of theft seems to be sending information to a personal email. This seems such an obvious and clear breach, but many employers simply do not prohibit this, or to communicate this is prohibited.
Companies that implement proper IT security measures are much better placed to respond to potential breaches. I have one client which has an IT system in place which immediately alerts IT in the event an email is sent to a personal email, or if information is downloaded to a USB. Other clients ensure the screen saver flags that expressly prohibits the unlawful downloading, misuse or retention of confidential information.
Ultimately, it can be costly and time consuming to deal with breaches of confidence and can require reporting to the Information Commissioner. Employers who have evaluated the risks and taken appropriate measures, will be much better placed to face this particular epidemic.
Michelle Last (Michelle.Last@puntersouthall.law) is a partner at Punter Southall Law.
At Punter Southall, we have a team of highly skilled risk, compliance and legal experts with deep in-house practical experience. Get in tough if you would like a friendly chat with one of us.
Where we share what we’re thinking about and what conclusions can be drawn on everything from the work we do to the world around us. We hope you find our posts readable, relevant and thought-provoking.
SubscribeInsights