Working from Home: Practical Tips for keeping client, staff, volunteer and all personal information safe

Data protection law does not prevent that but you will need to consider the same kinds of security measures for homeworking that you would use in normal circumstances. We have produced the below guidance for organisations and employees to advise on the Dos and Don’ts of working from home.

Need further assistance? In the first instance email the Jersey Office of the Information Commissioner team on enquiries@jerseyoic.org or call on 01534 716530.

Security – Have you considered:

Domestic internet security
You must ensure your employee has a secure internet connection. Do staff have secure WiFi requiring passwords? Do they have anti-virus software installed? Is that software (and any other software) up to date and have all software 'patches' been applied? Is this a normal activity for your member of staff? If not brief and train them first about protocols set out below.

Think carefully about physical security of ALL documents, including paper records. Think carefully about how the paperwork is going to be transported, for example in a locked briefcase/not left in open view in a car.

Setting up homeworking – Recommendations:
Many of us share our homes with loved ones. Whilst working from home you will need to ensure that members of your household cannot access your laptop or work papers. Remember to keep virtual meetings and conversations confidential too.
Lock information away securely when not in use.
Have you considered how your staff will report a breach? Do they know who to contact and how to contact them? Are you able to report a breach to JOIC if you need to?

Who needs to know you are working from home? Recommendations:
The organisation must ensure work is being conducted in accordance with the organisation’s data security policies, bring your own device and homeworking policies. We also recommend:

Consider having a sign-in/sign-out procedure for when taking files and personal data home. For those working via a remote access platform, do you have an audit trail of what employees are accessing?

Contracts of employment should have compliant data privacy clauses and refer to appropriate security, homeworking and transporting data rules. Make sure all employees are aware of what to do if a file is lost and test that plan.

What are the risks of a data breach when working from home?
Whilst working from home, being distracted and leaving unlocked devices or paperwork loose or unattended, is easy to do. Please remember if an unauthorised person is able to access the computer or paperwork you are working on, this is a data breach.

Top Tips

We recommend working in a private, secure place in your home. Also, do not leave unlocked devices unattended or paperwork lying around.

• Ensure you have secure WiFi (one with a password access) and anti-virus software that is up-to-date.
• If you take work between the office and home, only take home what is absolutely necessary.
• Ensure all paper files are secure in a locked device which is not accessible to anyone else.
• Ensure staff are aware of how to report and handle a data breach if one should occur.
• Ensure ‘working from home’ policies/contracts are in place and all staff are provided with adequate training.
• Do not dispose of any confidential paperwork in your usual household rubbish. If you can, put it aside until you are able to return it to the office to be disposed of in a secure manner.