Pro-Tips (Part 3) for a Good Company Telecommuting Policy: Data Security
If your San Diego business allows or is contemplating allowing work-from-home or other remote employees, your business must establish an official company telecommuting policy. There are a host of legal and labor law issues that must be addressed. In parts one and two of this series, we discussed policies and procedures with respect to mandating meal and rest breaks and how to address workers’ compensation and safety concerns. In this article, we offer some pro-tips concerning how your telecommuting policy should deal with data and information security. There are two key concerns — protecting trade secrets and intellectual property and avoiding data breaches or other exfiltration of customer and/or employee information. An experienced San Diego corporate attorney can help draft your company’s telecommuting policy.
As we have discussed in other articles, to be legally protected, trade secrets and confidential information must be kept secret. Among the steps that every business must take is to have policies and procedures in place to actually keep the information and data secret. For this reason, a legally effective telecommuting policy must carry forward the company’s policies with respect to protecting trade secrets. Likewise, protecting computer systems from hacking and other cybercrimes is already important for San Diego businesses and its importance will only grow once the California Consumer Privacy Act takes effect beginning January 1, 2020. To effectuate these goals, these are among the items to include in your company telecommuting policy:
- Reiterating the company’s policies and expectations with respect to protecting information and data
- Mandate that telecommuting employees protect proprietary company and customer information from being accessed at their remote workspace
- Mandate use of locked file cabinets and desks, regular password maintenance, and standard security measures — if necessary, the company should reimburse for lockable storage equipment
- Where feasible, limit the remote employee’s access to confidential and consumer data or, alternatively, require that access to such data be done non-remotely
- Mandate that remote employees not use public Wifi networks
- Mandate that remote employee not permanently house or store confidential or consumer data on their computer devices
- And more
These policies are important to limit the legal and financial risks from data breaches. As one recent case shows, the loss of data can be expensive. See Giroux v. Essex Property Trust, Inc., Case No. 16-cv-01722-HSG (US N.D. California, May 14, 209). In Giroux, extensive personally identifiable information for 2,500 employees was stolen in a cyberattack. The employees brought a class action in federal court alleging violation of various California statutes. To settle the case, the company agreed to pay nearly $500,000. That is a lot of money and a lot of productivity from upper management in having to handle litigation-related matters. A good company data/information security policy is essential, including policies that cover telecommuting employees.
Call San Diego Corporate Law Today
For more information, contact attorney Michael Leonard, Esq., of San Diego Corporate Law. Contact Mr. Leonard by calling (858) 483-9200 or via email. Mr. Leonard can help with employee-related matters such as employment contracts, drafting and/or reviewing company employee policies and procedures, creating and/or updating employee handbooks, and more. Like us on Facebook.