The Legal Brief

Tech and Data Security Q & A During a Pandemic

March 17, 2020

By: Jason Ott and Derrick Maultsby, Jr.

The attorneys in the Firm's Tech & Data practice group have received numerous questions from clients regarding legal issues and the coronavirus. Please see their answers below. This and additional information will be posted to the Firm's website. Please contact a Tech & Data practice group member with any questions.  

• Are there any major issues with my employees using personal computers, laptops, or similar devices in completing work from home?  After all, that seems like the most convenient approach.  

Absolutely, there are significant issues with employees using personal devices to complete work from home! Unless your employees are working solely from within your company’s network and platform, all the data that they are generating and accessing may be at risk.  Ideally, your employees should work only from business devices and only log in to your company’s network to generate, complete, and save any and all work product. These restrictions ensure that your employees are utilizing all of the data security features already in place to safeguard your company’s system and the contents of that system. However, if an employee transfers or saves any such data to a local drive on any personal device, those safeguards go out the window and that information, much of which may be proprietary and/or confidential to your company or your company’s customers or clients, will be immediately put at risk. 

• What are some of the information security safeguards in place through your company’s network that are so much better than anti-malware and other cybersecurity software programs that your employees may have on their personal devices?

There are several examples of the heightened security features of system safeguards at your company as opposed to retail software that your employee may purchase and use at home. For instance, many business networks require two-step verification for employees to log in, most business devices will lock after a certain period of inactivity, and many companies store all their data in a cloud system, which often have superior, more sustainable and measurable security features than other network security methods - not to mention your company’s IT Team who are experts in maintaining the safety and security of your company’s data and work day and night to do that!  

• Are there any data security concerns that might arise in connection with household items other than personal computers, laptops, or similar devices that my employees are using to complete their work from home?

Amazon Echo, Dots, Google Home and any other device that is constantly “listening” can present major data security issues as well.  Any device with a built-in microphone has the potential to be hacked and thus facilitate old fashioned audio eavesdropping and recording of client communications and telephone calls.  While working from home employees also should be careful and when possible, should avoid using devices with cameras attached to avoid any issues surrounding potential visual surveillance. When working from home, employees should take the time to power any such devices off before taking business telephone calls or engaging in any business communications. 

• Are there any data security concerns concerning physical records management for employees while working from home?

Home workplaces will differ.  Some employees may have separate office areas with doors that lock, while others may need to work directly from a family living area like the kitchen table. No matter what the situation might be, employees still should do their best to follow standard working processes with regard to paper files and physical records that they might bring home from the office or that they might print out from home. In particular, employees must be vigilant with regard to confidential records of their company’s customers and clients, or of the company itself. Along those same lines, employees should maintain other standard office practices, such as locking their computers or laptops when walking away from them even for just a few minutes - because you never know when a curious child might unknowingly press the wrong button and erase important files!

• Logistically, what types of official corporate procedures should I have in place for employees working from home and how should I implement those procedures?  

Your company’s IT Team, in conjunction with your company’s Management Team, should implement corporate procedures for work from home and should distribute, educate on, and mandate use of those procedures to all employees as regularly as might be reasonably practical and effective. Those corporate procedures should include the specific types of devices to be used, official directives on accessing, using, and generating data and information through the company’s network and on business devices only, and other data security safeguards. Your company’s IT Team and Management Team also should be vigilant of changes in your company’s business practices and hardware/software capabilities and technology updates and revise those corporate procedures as might be appropriate from time to time - again, always being sure to make your company’s employees aware of those modifications as they are made.  

• Are there any formal legal requirements for how my company monitors my employees’ access and use of data while they work from home?

There are many laws and regulations that may apply to your company’s collection, maintenance, organization, and processing of data, and those laws and regulations continue to proliferate - almost every day - around the globe. While those laws and regulations vary depending on the particular type of data involved, the source(s) of that data, the use(s) that your company implements for that data, the organization (or mapping) of that data, and other factors, data privacy and the manner in which your company interacts with data are major corporate compliance issues that your company should be focusing on and continuing to monitor, develop, and adapt constantly. And that is the case no matter whether your employees are working with that data from your company offices or from their homes! For any questions on what regulations apply and how to implement them, please reach out to us.