Logo
Media Centre

Data Protection in The Times of Coronavirus: Teleworking

Ariel Yosefi

24 March 2020

24/03/2020
Technology & Regulation in the Spotlight

In order to combat the proliferation of COVID-19, many businesses are now instructing their employees to engage in teleworking, in lieu of attending work as normal​.

In this context, we would like to inform you of important and recent regulatory and industry guidelines, directed at both employers and employees, to help organizations mitigate data protection and security risks associated with teleworking –

 

In addition, various European data protection regulators, including the European Data Protection Board and the regulators in the UK, Ireland, Germany, Italy, The Netherlands,  Spain and others, have also recently issued guidelines on practical issues of data protection during the COVID-19 pandemic.

Businesses are encouraged to ensure, at these times, that they meet their data protection responsibilities, in particular those relating to information security, and that they appropriately address the challenges related to teleworking. We encourage our clients and friends to review these guidelines, which contain important and recommended organizational and technological security guidelines for teleworking.

For your convenience, below we have highlighted certain key guidelines:

For employers:

  • Address the applicable operational changes in case of remote access (such as ensuring user authentication, giving suitable priority to the support of remote access solutions, providing virtual solutions, etc.);

 

  • Develop, amend or update the relevant procedures/policies, in particular a telework security policy that defines telework, remote access, and BYOD requirements (including the forms of remote access the organization permits, devices that can be used for remote access, the type of access each teleworker is granted, etc.), and define a clear procedure to follow in case of a security incident;

 

  • Provide initial and then regular feedback to staff on how to react in case of problems (who to call, hours of service, emergency procedures and how they evolve);

 

  • Plan telework-related security policies and controls based on the assumption that external environments contain hostile threats;

 

  • Provide guidance on back-up, retention and transfer of data on, to and from employees’ devices;

 

  • Ensure that remote access servers are secured effectively and configured to enforce telework security policies (e.g. ensure that remote access servers are not only configured as a single point of entry to the organization’s network that can enforce a telework security policy, but are also kept fully patched and only managed by authorized administrators from trusted hosts);

 

  • Secure organization-controlled telework client devices against common threats and maintain their security regularly.

 

For employees:

  • Be on the lookout for social engineering attempts, which may include emails with strange file attachments, communications from individuals claiming to be IT personnel asking, or unusual web meeting requests;

 

  • Secure your home network, make sure you are using a secure connection to your work environment, ​​and secure Wi-Fi connection;

 

  • Ensure fully updated anti-virus system are in place, ensure periodical back-ups;

 

  • Ensure safe desktop environment (such as locking screen when working in a shared space).

 

In addition, businesses are encouraged to address other data protection matters, such as updating existing policies and procedures related to access controls, teleworking, business continuity and disaster recovery, and ensuring that any third-party agreements contain adequate security controls.

Please do not hesitate to reach out to us if you need further guidance on the practical implications of these guidelines.

**********************************************

Feel free to contact us with any further question or comments regarding the update and subjects detailed above.

Kind regards,

Ariel Yosefi, Partner

Head of Technology & eCommerce Regulation

Herzog Fox & Neeman

Related Practice Areas

Related Lawyers

More news

Nebraska is the 17th US State to Adopt Comprehensive Data Protection Legislation
Maryland is the 16th US State to Pass Comprehensive Consumer Privacy Legislation
Kentucky is the 15th US State to Adopt Comprehensive Data Protection Legislation
JOIN OUR
Newsletter

    © 2020, All rights reserved, Herzog Law
    Site by Gootte

    The information contained in this web site is provided for informational purposes only and should not be construed as legal advice on any subject matter and should not be relied upon as such. Herzog accepts no responsibility for any consequences whatsoever arising from use of the information contained in this web site. The accessing of information contained in this web site shall under no circumstances be considered as creating an attorney-client relationship between Herzog and any party accessing this web site. Contacting through email any lawyer named in this web site or sending information without prior agreement of Herzog shall not be construed as automatically creating an attorney-client relationship between Herzog and the party sending an email or information. The material contained in this web site has been created by and remains the property of Herzog. No reproduction, transmission, publication or any other form of dissemination shall be permitted unless the prior written consent of Herzog has been obtained. This web site may contain links to other web sites operated by third parties. Herzog does not sponsor, approve or endorse the content of any such web site and is not responsible for the materials appearing in such sites.

    Search by
    Search by +

    Search