Security and Working from Home

Have you considered the potential data and confidentiality risks whilst your workforce is working from home, particularly with regard to liability?

‘Vicarious liability’ means that employers are liable for the actions or omissions of their employees. If an employee commits a negligent act or omission during the course of their employment, the employer will be vicariously liable instead of the employee.

In 2018, the UK Court of Appeal held that Morrisons supermarket was liable for a deliberate data breach committed by an employee of the company when he released personal information of 100,000 employees on the internet. This was later overturned by the UK Supreme Court, but it is worth noting that Morrisons spent over £2million remedying the actions of the rogue employee.

The above ruling begs the question of when an employer might be liable for their employees’ actions, and the answer will depend on what job the employee holds, what their responsibilities are and whether the wrongful act is so closely connected to their job role that it is fair to impose liability on the employer.

As employers, it can be easy to think that having sight of all employees in a central office helps reduce the risks and minimise the opportunities for employees to put data at risk, whether accidentally or deliberately. But what happens while employees are largely working from their own homes?

Whilst working from home employees will often share what has become their workspace with others who do not work for the same company and, unfortunately, it is highly unlikely that the same standard of data security applies within an employee’s home as it does within the firm’s office. There are various measures employers can put in place to avoid vicarious liability, whether employees are working at home or in the office, including putting in place robust training, policies and procedures. In doing so, they can demonstrate that they have taken all reasonable steps to prevent wrongdoing.

Below are some basic steps employers can take to try and minimise the risks of employees working from home:

  • Ask that sensitive phone calls are conducted privately;
  • Ask that all confidential documents are shredded;
  • Make sure all technology is password protected and laptops are never left unattended and unlocked;
  • Ask employees to ensure their internet is password protected where at all possible and not to use open networks that maybe available to them;
  • Ask employees to keep work laptops away from children as far as possible;
  • Ensure you have a good understanding of your employees’ roles and the responsibilities they hold; and
  • Refresh employees’ knowledge of data security by issuing relevant training.

However, practical difficulties remain. For example, how can employers be sure that laptops are kept away from children, or that employees have private spaces in their homes in which to undertake calls? It is simply not practical for employers to police other members of an employee’s household.

Therefore, it is important for employers to keep in close contact with their employees during periods of home working. Encouraging open channels of communication will help address any concerns or issues employees may be experiencing and will hopefully allow employers to deal with a problem before it escalates.

Remember that not all employees will have access to the same office set-up that the physical workplace provides. They may have childcare needs or a lack of private space at home.

It may be worth talking to employees about their role and responsibilities. Not all tasks may suitable to be carried out from home, depending on their nature, and it may be useful to discuss this and make adaptions where possible.

There are no easy fixes and the Covid-19 pandemic has thrown up many challenges for businesses, but employers should be aware of their duty to their employees and their responsibilities.

Go here: https://www.gov.uk/coronavirus for the latest government guidance on coronavirus.

About the author

As HR Manager at RWA, Amy works as both internal practitioner and consultant to RWA clients. Whilst undertaking the role of HR Manager to RWA employees, she coordinates the on-boarding of new recruits, manages employee absence and assists with performance reviews and disciplinary/grievance situations.

In a consultancy capacity, Amy provides advice to clients on a range of HR matters, including recruitment & interviewing, redundancy, discipline & grievance, absence management, contracts of employment, and performance management.

Get RWA Insight In Your Inbox

Regular business news and commentary delivered direct to your inbox each week. Sign up here