Working remotely, but are you sure how safe your data is? Here are some tips to keep personal data safe when working remotely from the office space. For more information, you can consult the Data Protection website
Paper Records
• It’s important to remember that data protection covers electronically stored or processed data and personal data in manual form (such as paper records) where it is, or intended to be, part of a filing system.
• Where possible, keep a written record of which records and files left the office to maintain good data access and governance practices.
• When working remotely with paper records, take security measures to ensure the confidentiality of these records. Keeping them locked in a filing cabinet or drawer when not in use, disposing of them securely (e.g. shredding) when no longer needed, and ensure they are not somewhere where they could be misplaced or stolen.
• When dealing with records that contain special categories of personal data (e.g. health data). Take extra care to ensure their security and confidentiality, and only remove such records from a secure location where it is strictly necessary to carry out your work.
Devices
• Take care of company devices such as phones, laptops, tablets, or USBs, and do not lose them.
• Make sure that the devices have the latest operating system(like iOS or Android). The software/antivirus updates.
• Ensure your computer, laptop, or device is used in a safe location. Keep sight of it and minimize who else can view the screen, especially when working with sensitive personal data.
• Lock your device if you do have to leave it unattended for any reason.
• Make sure your devices are turned off and locked or stored carefully when not in use.
• Use effective access controls (such as multi-factor authentication and strong passwords). For extra data protection, it is recommended that you get an encryption key. This will restrict access to the device and reduce the risk if a device is stolen or misplaced.
• When a device is lost or stolen, you should take steps immediately to ensure a remote memory wipe, where possible.
• When dealing with records that contain special categories of personal data (e.g. health data). Take extra care to ensure their security and confidentiality, and only remove such records from a secure location where it is strictly necessary to carry out your work.
Emails
• Follow any applicable policies in your firm around the use of email.
• Use work email accounts and not personal ones for work-related emails involving personal data. If you have to use the private email, make sure contents and attachments are encrypted and avoid using personal or confidential data in subject lines.
• Before sending an email, ensure you’re sending it to the correct recipient, particularly for emails involving large amounts of personal data or sensitive personal data.
Cloud and Network Access
• Where possible, only use your organization’s trusted networks or cloud services and comply with any organizational rules and procedures about cloud or network access, log in and, data sharing.
• If you are working without cloud or network access, ensure any locally stored data, is adequately backed up securely.