Working at Home - Data Protection Guidance

Data Protection Guidance for staff working remotely

Due to the current Coronavirus emergency, many people are working remotely at home instead of in their usual place of work. Data Protection law still needs to be complied with even in these unusual circumstances.

The following policy covers home working generally and should be followed in all situations where staff are working from home or away from the office.

PURPOSE OF THIS DOCUMENT

This document sets out acceptable policy, in compliance with the Data Protection Act 2018 / GDPR 2018, for users accessing, viewing, modifying and deleting Bield Housing and Care’s data and accessing its systems, where your role requires you to access Bield Housing and Care’s data whilst away from the office, i.e. in remote offices or your home.

DEFINITIONS

Data Protection Law means the General Data Protection Regulation (EU) 2016/679 ("GDPR"); the UK Data Protection Act 2018; the EU Directive 2002/58/EC on privacy and electronic communications (PECR), as is applicable in the UK; and any laws replacing, amending or supplementing the same and any other applicable data protection or privacy laws.

Remote equipment / Home Worker refers to users using either company-provided or their own devices, systems or applications to access and store company information, at home or remotely, typically connecting to Bield Housing and Care’s remote desktop, remote application or VPN systems.

Data Controller – a person, group or organisation that alone or jointly with others determines the purposes and means of the processing of personal data. Bield Housing and Care is the Data Controller for its employees’ personal data.

User – A member of staff, employee, contractor, visitor, or another person authorised to access and use Bield Housing and Care’s systems.

Data Processor – a person, group or organisation that processes personal data on the instructions of a Data Controller set out in a written contract. Bield Housing and Care is a Data Processor for the data we process under contract with our Clients. Our Clients are the Data Controllers for that personal data but we have a responsibility to keep it secure.

POLICY INTRODUCTION

This policy covers the use of electronic devices which could be used to access Bield Housing and Care’s systems and store information, alongside employees’ own personal data. Such devices include, but are not limited to, smart phones, tablets, laptops and similar technologies.

Bield Housing and Care, as the Data Controller, remains in control of the data regardless of the ownership of the device, or the location in which the data is processed. As an employee of Bield Housing and Care you are required to keep any company information and data securely and comply with Data Protection law. You are required to assist and support Bield Housing and Care in carrying out its legal and operational obligations, including co-operating with the IT team should it be necessary to access or inspect company data stored on your personal device or equipment at your home.

Bield Housing and Care reserves the right to refuse, prevent or withdraw access or permissions for users to work from their homes and/or particular devices or software where it considers that there are unacceptable security, or other risks, to its employees, business, reputation, systems or infrastructure.

Data Protection, Security and Confidentiality of Materials

You must follow Bield Housing and Care’s policies and procedures in relation to working with personal data as if you were still based in the office. However, there are additional risks relating to working remotely. You should keep the following in mind:

a)    The data protection principles still apply and need to be adhered to, i.e. you should only access personal data that is needed for “specified, explicit and legitimate purposes”. You should “limit what you take home to only what is necessary” and keep it there for “no longer than is necessary”. You must consider “appropriate security”, both at home and in transit. Additionally, if required to, you must be able to provide Bield Housing and Care with evidence that you are complying with these principles.

b)    Never leave a computer with personal confidential information on screen. An unauthorised person reading personal data is a data breach.

c)     Never leave your computer ‘logged on’ when unattended. Think about who may access the device when you are not around – whether deliberate or accidental.

d)    Ensure that rooms containing computers and other equipment, are secure when unattended, with windows closed and locked and blinds or curtains closed.

e)    If making a phone or online conference call remember that it is confidential and consider who is around who might overhear.

f)      Levels of Home Security should be at the same level as at work.

g)    You should only work within Bield Housing and Care’s approved systems, e.g. Microsoft Teams or Zoom.

h)    Do not hold person-identifiable information on electronic devices. If you absolutely have to download a document to your personal device, ensure it is deleted as soon as possible.

i)      If using your own device, check for automatic uploads to Cloud storage systems. For example, if you have subscribed to iCloud or Dropbox, you may inadvertently be uploading Bield Housing and Care’s documents to your personal account in these applications. You should disable these uploads whilst you are doing Bield Housing and Care’s work.

j)      Any paper taken from the office to work at home must be protected in transit and in your home.

k)     Paper files should be ‘signed out’ from the office and ‘signed in’ again when returned.

l)      Ensure paper is transported safely – in a wallet or case.

m)   Keep paperwork secure at home and out of sight of members of your family and others.

Loss or Theft

In the event that your device is lost or stolen or its security is compromised, you MUST promptly report this to Bield Housing and Care’s IT Department, so that they can assist you in changing the password to all company services and report this as a data breach if appropriate. (You must also cooperate with the IT Department in wiping the device remotely, even if such a wipe results in the loss of your own data, such as photos, contacts and music.)

Bield Housing and Care will not monitor the content of your personal devices; however, the IT Department reserves the right to monitor and log data traffic transferred between your device and company systems, both over internal networks and entering Bield Housing and Care via the Internet.

In exceptional circumstances, for instance where Bield Housing and Care requires access in order to comply with its legal obligations (e.g. obliged to do so by a Court of law or other law enforcement authority such as the Information Commissioner) Bield Housing and Care will require access to company data and information stored on your personal device. Under these circumstances, all reasonable efforts will be made to ensure that Bield Housing and Care does not access your private information.

Approval for Working Remotely

Line Managers will consider requests for home working in consultation with individual members of staff and may wish to confirm such arrangements with their senior manager and a Human Resources manager.

Compliance and Disciplinary Matters

Compliance with the Policy forms part of the employee’s contract of employment and failure to comply may constitute grounds for action under Bield Housing and Care’s Disciplinary Policy.