In recent days, pictures of documents labeled “top-secret” and “classified” strewn about the carpet of Mar-a-Lago have dominated the news headlines. These pictures have been shocking but likely don’t seem applicable to the general public given that the vast majority of people will never possess such sensitive state secrets. However, with the rise of remote work, employers can use this national headline as an opportunity to review their remote work policies and practices.
Prior to authorizing remote work, employers should outline the expectations and scope of the remote work with the employee. The best practice for defining expectations is to enter into a written remote work agreement signed by both the employer and employee. While there are many remote work considerations recommended for inclusion in a remote work agreement (e.g. wage and hour and safety issues), this article focuses on five document and information security considerations.
Document and Information Security Considerations
1. What work may be performed or accessed remotely?
One of the first considerations for employers is identifying the type of information that may leave the worksite or be accessed remotely. Doing so reduces the risk of proprietary or confidential information being inadvertently exposed to unauthorized individuals, including family members and friends.
2. How will documents be stored?
Employers should also consider how remote employees will store documents, both physically and electronically. For physical documentation, employers may consider locked filing cabinets if the remote employee will maintain sensitive information. Further, employers should decide if employees may keep original documents (such as original contracts) in the remote workspace. Employers should also be aware of how electronic documents will be accessed. For example, will the employee be accessing documents from a family or shared computer? Being aware of who else may have access to the employee’s work on a shared or personal computer allows the employer to create appropriate safeguards.
3. What is the digital security plan?
Employers are also encouraged to explore if the employee will be accessing work documents from a secured home network and to decide if the employee will be permitted to conduct work on an unsecured network. Employers should obtain email encryption software to allow employees to communicate securely, particularly with regard to emailing documents with proprietary or confidential information.
4. Are there any client confidentiality requirements?
Additionally, in designing a remote work agreement, employers are cautioned to be mindful of any client imposed controls or requirements. Employers with non-disclosure or confidentiality agreements should confirm if any remote access will run afoul of any agreement prior to permitting related work to be conducted remotely.
5. How can employees report a breach?
Finally, employers should maintain a clear policy on how employees can report a data breach, including specifically who to contact in the event of a breach or suspected breach. Specific instructions on the steps to take in both a known breach and a suspected breach should help mitigate the potential damage and loss to the employer and clients.
If you have questions about designing a remote work agreement, contact a member of Carmody’s Labor and Employment team.
This information is for educational purposes only to provide general information and a general understanding of the law. It does not constitute legal advice and does not establish any attorney-client relationship.