dataguard · 2020. 3. 26.
Privacy & Working From Home
Pragmatic recommendations for telecommuting
THE CURRENT SITUATION
The current pandemic caused by COVID-19 is keeping the state, companies and citizens on their
toes. At the moment, data privacy is not a priority. It is evident that the majority of Germans are
willing to compromise on data privacy measures as much as is necessary to contain the
pandemic.
One of the most common measures taken to help contain the spread of COVID-19 is working from
home. However, it is important to continue operating in a privacy-friendly manner whilst
remaining pragmatic when telecommuting.
The following are measures that the team of specialists at DataGuard recommends in managing
and executing work from home in a privacy-friendly way. If you have any further questions on this
topic, feel free to contact us.
OUR RECOMMENDATIONS
Employers should reach an agreement with their employees on the terms of
telecommuting before they start working from home. If necessary, this agreement may exist
alongside their applicable employment contract. The agreement should explicitly state that
compliance with the applicable technical and organisational measures of working from home is
necessary.
Ideally, the company would have a policy that addresses the following points:
The employer’s responsibilities concerning telecommuting
Insurance/liability for accidents resulting from or connected to work
Coverage of expenses
Provisioning of work equipment
Commitment to data privacy/secrecy
The obligation to inform in accordance with Articles 13 & 14 GDPR should be reviewed and
updated where necessary and communicated to all parties concerned.
A confidentiality agreement should be entered into with roommates/members of the household if
it is not possible to have a separate work area.
A risk assessment of the workplace (according to §5 of the Occupational Safety and Health Act)
should be carried out.
Possible data privacy issues must be reported immediately to the relevant persons.
Technical Dos & Don’ts
The use of company-provided IT infrastructure for purposes other than work should be prohibited and randomly checked
The use of private hardware/software for work should be prohibited
Activate automatic screen-lock after a maximum of ten minutes of inactivity
All operating systems should be protected with a secure password
Two-factor authentication should be implemented
The provided telecommunication infrastructure should be used
Data transfers, such as e-mails, should be encrypted using SSL/TLS
Use a VPN to connect to the company network
If possible, employees should not connect to the Internet via a private Wi-Fi network, but via a LAN cable
Organisational Dos & Don’ts
Adhere to the instructions of the employer regarding telecommuting
Prepare a suitable workstation. The following should be considered:
- A room designated for work (e.g. a study)
- Set up and test the stability of the infrastructure (e.g. power, internet connection, mobile phone reception, etc.)
- Ergonomic seating & workstation (e.g. a desk & appropriate chair)
- Agree to rules of conduct with flatmates, household members, etc.
- Sufficient light and fresh air (open windows)
Define time slots for work and breaks
When leaving the workplace, the same routine practiced in the office should apply:
- Lock the screen
- Store/cover sensitive documents
- Close the windows and doors when leaving the workstation and, if possible, make the laptop inaccessible to others
Ensure that business conversations containing personal data or addressing sensitive topics cannot be heard by third parties
Documents with sensitive data should be collected and disposed of in the shredder when it is possible to return to the office as opposed to disposing of them in regular bins.