he remote work model, regulated as “telecommuting” in the Labor Law, has rapidly become a part of our lives in various sectors with the COVID-19 pandemic. With remote work came a new adaptation process for everyone, accompanied by many questions. One of these questions is what precautions should be taken regarding privacy and data security during remote work. Let’s explore the privacy and data security measures that employers and employees need to take.
Privacy and Data Security Measures for Employers
The precautions that employers need to take for remote work mostly revolve around technical measures. In this regard, employers need to establish an infrastructure that allows access to workplace systems and computers through Virtual Private Network (VPN) networks. Strengthening security firewalls and antivirus applications, as well as ensuring data backups, are crucial measures that employers should take. Additionally, secure password usage and two-factor authentication for system and data entries provided by employees are essential. Especially, the use of strong passwords and two-factor authentication is crucial in preventing unauthorized use of computers and phones provided to employees by individuals they live with. Employers should also ensure that remote desktop tools used to access workplace systems and computers are secure.
Another important aspect that employers should consider is the “information obligation.” Although the relevant regulation regarding data sharing rules at workplaces, including remote work, has not yet been issued, during the temporary implementation of remote work due to the COVID-19 pandemic, employers have an obligation to inform their employees about the precautions that should be taken for privacy and data security. For these warnings to be functional, it is crucial for employers to fulfill their technical obligations.
Privacy and Data Security Measures for Employees
For employees transitioning to remote work, the precautions they need to take mostly revolve around responsible and secure use of the equipment and software provided by the employer. During remote work, employees should ensure that the equipment and programs provided by the employer are not used by anyone other than themselves, and their login passwords should never be shared with anyone.
During working hours, when workplace equipment is not in use for short periods, employees should make sure that the screens are protected and encrypted, rendering them unusable. Secure password usage and two-factor authentication should be implemented for all system and data entries, as these precautions are essential in preventing unauthorized access. Employees should also be cautious about phishing emails and messages and avoid opening any emails or messages from unknown sources.
Work-related tasks and operations should not be conducted on personal computers or other technological devices. It is essential to follow workplace equipment’s physical security guidelines provided by the employer. Finally, it is important to note that the pandemic does not create exceptions for data protection principles and regulations. Therefore, all data controllers, including employers and employees, are still obligated to fulfill their data protection responsibilities. Consequently, both employers and employees should take all necessary precautions and adhere to the established measures to ensure the privacy and security of personal data.