Personal data and remote working
The Data Protection Commission (DPC) has issued comprehensive guidance on protecting personal data while working remotely.
The guidance covers devices, emails, cloud and network access, and paper records. In summary, the DPC says:
- Take care that devices, including USBs, aren’t lost and report any loses to your data protection officer
- Ensure devices have the necessary updates, particularly software and antivirus
- Keep all devices and paper records secure in a safe location
- Lock your device and tidy away paper records if you leave it unattended
- Log out of devices, email accounts, etc and turn devices off when they’re not in use.
- Use strong passwords and encryption where necessary
- Take immediate steps to ensure a remote memory wipe if you lose a device
- Follow your employer’s policies
- Send emails to the correct person and protect attachments that contain sensitive personal data
- Use work email accounts
- Watch out for phishing emails or WhatsApp messages
- Stick with your organisation’s networks and cloud services, and comply with your employer’s rules and procedures on cloud or network access, login, and data sharing
- Ensure any locally-stored data is adequately backed up securely
- Keep a written record of what records and files you’ve taken home.
Any data processing done in the context of preventing the spread of Covid-19 should be carried out in a manner that ensures data security, particularly where health data is concerned. The identity of affected individuals should not be disclosed to any third parties, including their colleagues, without a clear justification.
Contact your employer’s date protection officer if you have questions or concerns.