The pandemic changed so much. The fact that this has become such a cliché doesn’t make it any less true.
Some of the changes seem like a lost distant memory, and others have become an entirely normal part of our everyday lives.
The need for so many to move quickly and comprehensively to a working-from-home environment was a shock and something few of us could have anticipated. Working in that way was not at all easy for everyone. For others, it suddenly opened the possibilities of working in more flexible ways and many employers have embraced that flexibility.
Hybrid working was not really a ‘thing’ before the pandemic, but now you see it everywhere. It’s even reshaped the office property market in London and other areas as people increasingly work from home.
I will let others comment on the pros and cons of this new working environment from a productivity perspective. Still, there is at least one thing that has remained consistent and entirely inflexible:
Ensuring personal data is protected remains both a legal and moral imperative.
Whether that processing happens in an office or at home, the compliance requirements are the same.
Whilst the compliance requirements are the same, the risks rarely are. Working from home could involve remote access to information or physical documentation. Either way, the nature of the risks will likely be entirely different in that environment and must be thought about carefully and proactively.
The pandemic gave us little if any, time to consider these things in detail in the early days. The priority at that time was just to keep our heads above water. But we have had the time, since then, to work out how to understand, respond to, and manage data governance and security risks in this post-pandemic era.
If you work for an organisation with home or hybrid working, they should have well-rehearsed and well-tested systems and processes to support remote working IT. That is a hugely important aspect of all working environments, but other key elements need to be well understood too.
Time and time again, we see human error highlighted in data security or data breach incidents.
Humans will always make mistakes. Some of those will be purely accidental, such as sending a confidential email to the wrong person. Criminals are getting better at rolling out convincing scams, such as phishing attempts that now look incredibly authentic (the Channel Islands recently had a big uptick in these types of scams).
Working in a home environment is likely to heighten some of these risks.
Wherever you are working, information of any kind, but particularly data relating to individuals, needs to be handled properly and securely. It often helps to look through a slightly different lens when thinking about data protection.
Imagine your health provider, bank, or legal advisor handling your personal details. What would you expect from them, especially if they allow their staff to take files home, draft you that highly confidential letter from their kitchen table, or call you to discuss your test results from their lounge?
Looking at it from that perspective can help us engage more positively with the legal requirements that many baulk at. The law is not there to make life difficult for you; it’s there to protect you.
We can work in ways and locations that seemed impossible only a few short years ago. We need to be aware that our approach to data governance needs to evolve accordingly, not just because the law tells us to but because we deserve the protections it gives us all.
Need some help?
Let’s work together to review your data processing policies and build a robust data protection culture.