© All rights reserved to Barnea Jaffa Lande Law offices

Together is powerful

Privacy and Data Protection during Remote Work from Home

Working from home requires heightened attention to compliance with privacy protection and data security laws. The basis for such compliance, inter alia, is the Israeli Privacy Protection Authority’s guidelines, “Emphases for managers and employees when implementing a remote work policy vis-à-vis the organizational network.”

Be Meticulous about Data Security

The transition to remote work from home on a significant scale obligates organizations to take meticulous security precautions with regard to their computer and information systems. Companies should implement the following measures in order to mitigate the risk of data leaks or disruptions to business functionalities:

  • Decide which technological tools, software, and means you wish to make available to employees for the purposes of remote work. Make sure these measures provide the requisite level of data security for the organization’s operations.
  • ŸProvide employees with secure organizational systems enabling video and audio calls, and instruct them not to use their personal accounts when making work-related calls.
  • Implement measures to verify users’ identities, inter alia, through two-factor authentication.
  • ŸImplement measures so that employees are unable to save business data on their personal computers, especially sensitive third-party personal information.
  • Proactively inform employees about the risks of remote work and about the organization’s current work practices. Emphasize the risks of using personal email addresses, external software, and any other means not pre-approved by the organization as providing an adequate level of security.
  • ŸInstruct employees to make sure they work in as sterile an environment as possible, while minimizing any possibility that household members within range of their computers may be photographed or recorded.
  • ŸInstruct employees to actively exit all software and accounts connected to organizational systems and to close their computers at the end of their workdays.

Be Judicious When Engaging with Suppliers

The shift to remote work may trigger an urgent need to engage with various suppliers. Some of these engagements may involve the processing and transfer of personal information, actions that must comply with the provisions of the Privacy Protection (Data Security) Regulations. Within this framework, employers should take the following measures:

  • ŸAnalyze the risks involved in engaging with the supplier, in terms of the nature of the service, the information it is processing, and the data security measures it is implementing.
  • ŸDraw up a written agreement with the supplier that specifies its obligations in terms of data processing and requisite data security measures.
  • ŸPrioritize engaging with suppliers with good reputations for organizational data security.

The Privacy Protection Authority recently published guidelines for organizations using outsourcing to process personal information, which may be helpful in this regard.

Be Diligent about Protecting Employees’ Privacy When They Work from Home

If you wish to install technological systems enabling you to monitor employees’ work, it is essential that you thoroughly analyze these systems according to the Privacy Protection Authority’s recently published guidelines on the various aspects of privacy protection when monitoring employees working remotely. Within this framework, we recommend the following measures:

  • Before choosing a means of surveillance, it is important to define the company’s legitimate purpose for the surveillance, in a way that justifies the potential infringement of your employees’ privacy.
  • The selected technological system should minimize infringement of your employees’ rights to the extent possible, considering the purpose of the surveillance. If solutions are available to you that enable surveillance without collecting personal information (such as data aggregation), then these solutions are preferable.
  • ŸYou must also consider any possible infringement of the privacy of your employees’ household members. Video or audio surveillance of an employee working at home may also significantly violate household members’ right to privacy. Consequently, avoid such surveillance measures, except in extreme cases when there is a critical need to do so. 
  • ŸIt is very important to inform your employees about the surveillance measures you implement. Furthermore, in locations where employees have an expectation of privacy, do not install surveillance devices without their consent.
  • If an employee objects to the collection of personal information during surveillance, consider an alternative solution that fulfills the purposes of such data collection.
  • It is important to protect the data collected through surveillance. Set rules restricting access to data, define retention periods, prohibit their use for additional purposes, etc.

 

***

 

Barnea Jaffa Lande’s Privacy, Data Protection and Cyber Department is at your service to provide guidance and assistance during your transition to wide-scale remote work.

 

Dr. Avishay Klein is a partner and heads the firm’s Privacy, Data Protection and Cyber Department.

 

Adv. Masha Yudashkin is an associate in the department.

Tags: Data protection | Privacy | Remote Work