Answered by: Phil Parkinson, Head of Commercial Law at Blacks Solicitors “Documents and communication stored on business property such as laptops can contain sensitive information related to clients, patients, or employees, while a lost access card or key fob risks unauthorised access to your premises. Property left unaccounted for can pose major data breach risks, increasing the chances of unauthorised persons having access to an organisation’s confidential information. Data breaches can lead to legal claims and reputational damage, but a variety of proven methods can reduce risks and ensure employees can work safely remotely. As a minimum security measure, hardware like laptops and removable media such as memory sticks must be properly encrypted to minimise the level of risk in case of misplacement. This ensures that confidential information is inaccessible to an unauthorised individual who has access to any lost business property. However, some organisations may wish to consider cyber insurance to additionally bolster protection. For any organisation, robust cyber security is vital to ensuring employees can access and work with sensitive data safely and risk free. But with mass remote working and hybrid office days more widespread than ever, security measures must account for business property held off site without the reliability of a secure office. Moving to a cloud based system or utilising a VPN are common ways for organisations to provide safer off-site system access. It is useful to note that the Information Commissioner’s Office (ICO) published some insightful guidance on what organisations should take into account, which specifically examines issues related to rapidly adopting remote working systems. Failing to establish suitable security for your organisation can not only result in significant fines from the ICO, but also expose responsible parties to direct claims from data subjects whose personal data has been compromised, and risk reputational damage. Depending on the circumstances, the employee could be subject to both criminal and civil proceedings as both individuals and organisations have responsibilities under data protection law. It is therefore imperative that employers ensure employees have undertaken the relevant training, both for new starters and annually thereafter, and have logs in place to evidence this. Employers should ensure that they have appropriate policies in place which cover business property loss or data breach scenarios, and streamlined breach reporting procedures cascaded to all employees. Appropriate disciplinary action should also be included within employment contracts to enable employers to take appropriate action where work property is lost. Despite the multiple benefits of remote and hybrid office working, the significant growth during the pandemic has exposed organisations to increased security risks, either from the potential of lost business property or improper data safety practices from employees logging in at home. Ensuring your hardware is properly encrypted, delivering appropriate and up-to-date safety training to employees, and establishing suitable cyber security measures can all reduce risks to your organisation and prepare employers as best as possible for the worst case scenario.” If you’d like to speak to someone about data protection, please visit https://www.lawblacks.com/business/commercial-law/. Post navigation Q & A: Can employees talk about their wages?