RISK

BRIEFING

Hybrid working - who can access what data?

25 Jan 2023

Hybrid working - who can access what data?

It’s been almost two years since the pandemic forced the workforce out of the office and into, for some, a make-do set up at home. Who knew then that this would turn into a more permanent arrangement, with employees finding they enjoy the flexibility of working from home and employers finding they no longer need to pay out for a permanent office.

Hybrid working is now proving effective for many, but one of the key issues that cropped up as employers learnt to manage this way of working, was that of data protection and the immediate need to control who had access to what. This is an ongoing issue and, in line with Data Protection Day (28 January), this briefing takes a look at protecting personal data in a hybrid working model.

One of the key issues to manage is how your data is being used when your workforce could potentially be using different networks or devices. Data protection compliance specialist The Compliance Space highlights some key principles to remember when it comes to de-risking remote working.

Avoid a blanket ‘access to everything’ approach
There is a need to balance the requirement to work remotely with appropriate data access and security. This will require regular review in light of a more permanent switch to hybrid working, but will be time well spent to avoid a potentially damaging data breach.

Discourage local storage of data
Using approved online systems and educating employees on the benefits of having central access is vital. In the immediate aftermath of the pandemic, organisations may not have had the resources to ensure everyone was adhering to best practice, but they cannot afford to let this go unchecked indefinitely.

Regularly review security standards
It is still imperative to have minimum security standards for remote devices, such as disk encryption, strong passwords and VPN for internet connections and privacy screens.

Making sure employees keep compliance issues in mind when they are working from home is a challenge. Consider the following recommendations:

Make the permanent move to a digital data storage system
One of the main opportunities that has arisen from the increased use of digital solutions is that it can really reduce the perceived need for paper-based systems. This change in habit is crucial to increasing both efficiency and security for organisations. Having a common digital platform for people to interact on and with can really help drive engagement on compliance-based activities.

Use ‘extra’ time to train
With people spending less time commuting or travelling, there is potentially more time to dedicate to compliance-based activities. Ensure there is a regular programme of best practice training in place to embed a positive data culture within the business. Digital tools mean that you can be more flexible and aware of people’s individual circumstances by arranging virtual training sessions or updates that are easy for people to attend.

Be visible
Even if that is not physically possible, the DPO, or person responsible for data protection, still needs to be the ‘go to’ person for help and support and regular communication will continue to be crucial. In addition to training, think of other ways to ensure data management is front of mind, perhaps using other internal communications channels such as e-newsletters or the intranet.

Read The Compliance Space's full article and download its data protection guide here.

You may also be interested in

RELATED CONTENT

RELATED CONTENT

Accident and incident reporting
Accident and incident reporting

The Accident and incident reporting course helps learners develop skills to deal with the aftermath of an accident or incident.

Risk Assessment and Method Statements (RAMS)
Risk Assessment and Method Statements (RAMS)

The Risk Assessment and Method Statement (RAMS) course examines the HSE’s recognised five-step approach to risk assessment.

IOSH Managing Safely
IOSH Managing Safely

The world’s best-known health and safety certificate, designed for managers and supervisors in any sector or organisation.

IOSH Working Safely
IOSH Working Safely

IOSH Working Safely is a one-day introductory health and safety training course for people at any level, in any sector.

Risk assessment: the ‘reasonably foreseeable’ test
Risk assessment: the ‘reasonably foreseeable’ test

Risk assessments are often the first thing to be reviewed in the event of an accident. Claire Deacon PhD, Health and Safety Trainer with International...

Fire safety - changes in risk assessment
Fire safety - changes in risk assessment

Responsibility for fire risk assessment in the workplace is changing in line with new legislation. In this briefing, John Davidson of security and fir...

Robots in the workplace: an emerging risk to health and safety?
Robots in the workplace: an emerging risk to health and safety?

The use of machines in the workplace is nothing new. But, whereas robots were initially built to carry out simple tasks, nowadays artificial intellige...

Manchester Arena inquiry – risk assessment was 'box ticking'
Manchester Arena inquiry – risk assessment was 'box ticking'

Risk assessments carried out by the Manchester Arena operators prior to the Ariane Grande concert in 2017 were nothing more than “box ticking", an inq...