Remain Calm: This is Not a Test, but You Have the Answers

We are living in transformative times. Most of us have never experienced living and working under our present circumstances. In this unprecedented time, in-house lawyers are living in a new world where courts are on hold and entire workforces are working remotely. Regulators around the world are addressing privacy concerns emanating from the pandemic (EU Guidance, HHS).

Suddenly, employers may want to check employees’ body temperature and inquire about other medical data. These types of questions impact everything from disability rights to sensitive data protection to employment discrimination. The Executive Committee of the Global Privacy Assembly (GPA), a worldwide consortium of privacy and data protection regulators, released a statement on this issue:

We are confident that data protection requirements will not stop the critical sharing of information to support efforts to tackle this global pandemic. The universal data protection principles in all our laws will enable the use of data in the public interest and still provide the protections the public expects. Data protection authorities stand ready to help facilitate swift and safe data sharing to fight COVID-19.”

In these times, technology is our friend. The ability to connect with family and stream entertainment are more important than ever, along with the facilitation of remote work. But not everything about technology necessarily complies with company policies (if they have them at all). Companies have either expanded or adopted policies and remote work practices enabling employees to work from home in situations where their responsibilities can be managed off-premise. Two big concerns are free tech services, such as chat software, and digital assistants like Alexa, Siri, or Google Home.

Free services

Quite a few tech companies have stepped forward to offer remote work services to companies, including SprionMicrosoft, Google, LogMeIn, Cisco, Zoom, and others. These free remote work tools and services are certainly welcome and contribute to business productivity under the current circumstances, especially for maintaining contact with colleagues.

However welcome these services are, it doesn’t mean that one should throw the company’s intellectual property and confidential information out the window. Please review the terms of use and the privacy policies of the new technology that you implement. Several of the ones mentioned have solid reputations for having appropriate privacy and security protections in place, but this is certainly not true of all technology services.

Digital assistants

In addition, an overlooked privacy and security issue concerns digital assistants, a common functionality on our phones. Digital assistants are voice triggered and we may or may not notice when this happens. Now that many of us are working from our homes on a regular basis, digital assistants and similar technologies represent a new risk to confidential information. Counsel must be careful to keep work areas free of these “peeping” technologies. It is akin to holding a client call while live-streaming social media.

Internet-of-things devices generally have an off-switch, but this is not a guarantee of privacy. Recall the 2015 news about Samsung TVs recording nearby chatter? Digital assistants are designed to be triggered easily and to seamlessly merge into our everyday lives. The best scenario — don’t have them in your home. The next best is to physically separate from the devices when working on confidential matters.

10 top-of-mind privacy items

  1. Recognize confidential data.
  2. Don’t allow family to use work devices.
  3. Set aside a workspace so it can be controlled.
  4. Realize phishing campaigns and links are multiplying exponentially.
  5. Implement multi-factor authentication.
  6. Install remote incident notification and breach management systems.
  7. Review policies for appropriateness (like business continuity).
  8. Remember privacy laws vary globally, but health data is sensitive everywhere.
  9. Follow regulator updates.
  10. Consider proportionality.

Resources

There are many reputable law firms tracking the legal changes and guidance (Global Privacy Assembly, TrustArc top 10 tips for employers with remote workers, SANS remote work toolkit, Baker McKenzie, Jackson Lewis, Ballard Spahr). Find one that you trust and subscribe to daily updates. Also, follow the European Data Protection Board for updates on views into the European regulators current stance on personal data during the COVID-19 outbreak.