The number of employees who describe themselves as “usually” working from home has increased by almost 20% over the last decade, according to research carried out by the TUC in 2016. With this growing trend comes the obvious risk that home workers may store personal data on insecure systems or that third parties may access such data. Unfortunately for the unnamed barrister who was fined £1,000 by the Information Commissioner’s Office, that is exactly what happened.
The barrister stored clients’ personal data, including data regarding vulnerable adults and children, on a home computer. Her husband mistakenly uploaded the personal data online when using the computer. Unbeknownst to him, this was a breach of the seventh data protection principle, which requires “appropriate technical and organisational measures” to be taken in order to protect personal data. The current UK maximum monetary penalty for data protection breaches is £500,000, but this will increase dramatically once the General Data Protection Regulations come into force next May. It is therefore a good time to remind home workers of their obligations. Steps to do so could include:
- regularly circulating your home working policy;
- providing training to help workers understand their obligations under your policies and procedures;
- imposing restrictions on the use of portable media to store personal data; and
- reminding workers of the steps to take to report a breach or suspected breach.
As reported in our previous blog on the new General Data Protection Regulations, reporting of breaches will become mandatory. A failure to notify within the deadline of 72 hours of discovering the breach exposes businesses to increased fines, so it is a good time to check that workers understand their obligations. If you need help with drafting home worker policies, please speak to a member of our employment team.