Skip to content
Menu

Home FAQs Should I have a homeworking policy?

Should I have a homeworking policy?

If organisations don’t have a formal home working policy, then they should set out, as soon as possible, in clear terms, what is expected of employees from a data protection perspective when working from home. These might include:

  • If someone is using their own device for remote working, ensuring that any devices that hold work-related information have up-to-date anti-virus software and that broadband connections have properly configured firewalls
  • Reminding staff to contact the organisation’s IT department if they encounter any issues with home working, and not to try and resolve any issues themselves
  • Reminding staff that they should notify relevant individuals within the organisation if they consider that there might have been a personal data breach. A breach will still be notifiable even if it does occur at home during the pandemic. These should be logged by the organisation in their data breach log in the normal way
  • Ensuring staff lock their devices whenever they are not using them
  • Where possible, working in a separate part of the home to family members
  • Ensuring confidentiality of information – advising staff not to have phone calls where others are likely to hear the conversation. This might mean moving to a different room, closing the door, or arranging a call for a more convenient time. If employees have smart speakers, you may want to consider advising them to either turn these off, if they are working in the same room as it, or work in a different room
  • Wherever possible, avoid taking hard copy documents home, and, if papers are taken home, never placing those papers in a bin or using a home shredder – any such papers should be shredded back at the office in the usual way
  • Locking any papers in a safe place
  • Not using social media platforms (unless already used and permitted by the organisation) to discuss work matters
  • Advising extra caution with incoming emails as at times such as this there may be an increased risk of fraud, email hacking, spear phishing etc.
  • Avoiding information being sent to personal email accounts (for example, so it can then be printed at home)
  • Reminding staff of your organisation’s Information Security policies, procedures and protocols. These could be emailed to all staff working from home or they could be directed to such documents on the organisation’s intranet, for example

Organisations should also ensure that their remote access systems can cope with increased demand.

Whilst the ICO appreciates the unprecedented nature of this pandemic, it does not mean that organisations can forget about their obligations as controllers of personal data. If a major data security breach were to happen, there is still the possibility of enforcement action where the organisation didn’t put in place good risk mitigation measures.

We have a specialist team of data protection lawyers here at Ward Hadaway, and would be happy to discuss any data protection concerns or issues that you might have.

Related FAQs

Can I use my Business Interruption insurance to make a claim?

The FCA’s test case in the Supreme Court ruled overwhelmingly in favour of policyholders.  However, business interruption cover generally has the prerequisite of physical damage or loss to the property (or in some circumstances, the presence of a notifiable disease at the property or within a certain radius of it), to recover losses caused by the interruption to your business. The onus is on insurers to re-assess those claims which are impacted by the Supreme Court’s judgment and to make contact with the policyholders regarding next steps. If you have not already made a claim, in the first instance the terms of any policy should be checked carefully to see whether business interruption cover is provided.

Last updated on 27th April, 2021

Can you furlough a suspended employee?

Yes. You should be able to furlough a suspended employee subject to all other eligibility requirements however we recommend that you take advice on this before doing so.

Last updated on 28th March, 2020

I'm self-isolating and understand that it takes some time to get a Lasting Power of Attorney registered. What can I do in the meantime to enable someone else to operate my bank account and pay my bills?

The Office of the Public Guardian is continuing to accept applications to register Lasting Powers of Attorney but their usual estimated timescale of eight to ten weeks is likely to be affected by the current situation.

Consequently, an alternative or interim measure if you need something quickly is to execute a General Power of Attorney to authorise someone to act as your Attorney to undertake day to day financial transactions for you. The General Power of Appointment only needs to be executed by you in the presence of a witness (not the Attorney) to be valid and does not need to be registered with the Court of Protection. However, the Power of Attorney would cease to have effect if you become incapable of managing your affairs. It should be seen as a stop-gap only.

Last updated on 1st April, 2020

What are the new Procurement Policy Notes (PPN)?

The Government has produced and published three new Procurement Policy Notes as a direct result of the ever changing Covid-19 environment.

PPN 01/20: Responding to COVID-19

The purpose of PPN 01/20 is to ensure that contracting authorities are able to procure goods, services and works with extreme urgency, to allow them to respond to the pandemic efficiently.

This PPN provides guidance for the following circumstances:

  • Direct award due to extreme urgency (regulations 32(2)(c)) (click here to read our article regarding regulation 32)
  • Direct award due to an absence of competition or protection of exclusive rights
  • Call off from an existing framework agreement or dynamic purchasing system
  • Call for competition using a standard procedure with accelerated timescales
  • Extending or modifying a contract during its term

PPN 02/20: Supplier relief due to COVID-19

PPN 02/20 focuses predominantly on the supplier to assist in keeping supply chains open and ensuring that suppliers are kept financially sound during these unpredictable times.

This PPN provides guidance for the following circumstances:

  • Urgent reviews of contract portfolios and to update suppliers if they believe they are at risk
  • Put in place appropriate payment measure to support supplier cash flow
  • Where contract payments are based on ‘payment by results’ make payments based on previous invoices
  • Ask suppliers to act on a ‘open book’ basis and make cost data available to the contracting authority during this period
  • Ensure invoices submitted by suppliers are paid immediately on receipt

PPN 03/20: Use of Procurement Cards

The third guidance note PPN 03/20 relates to the use of procurement cards to increase efficiency and accelerate payment to suppliers.

This PPN provides the following advice and urges organisations to arrange with their procurement card provider to:

  • Increase a single transaction limit to £20,000 for key card holders
  • Raise monthly limits on spending with procurement cards to £100,000 for key card holders
  • Spend on procurement cards each month in excess of £100,000 should be permissible to meet business needs

Although the above advice has been provided, should these limits not be necessary, organisations should seek an appropriate transaction limit or monthly limit.

The PPN also advises that by 30 April 2020, in scope organisations should:

  • Ensure that a number of appropriate staff have the authority to use these cards
  • Open all relevant categories of spend to enable these cards to be used more widely

Last updated on 17th April, 2020

In a situation where a building has a B1 EWS1 rating but the insurance companies are either refusing to quote or saying the cladding is a fire risk (due to the result of the intrusive survey for the EWS1 rating) and quadrupling insurance premium, is there anything that will help with this situation in the Building Safety Act or the secondary regulations when they come in or do you think it is something case law will have to address?

The amount an insurer charges for providing cover is a critical aspect of the underwriting process. The premium must be sufficient to cover expected claims but must also take into account the possibility that the insurer will have to access its capital reserve –it is risk assessment based and the greater the risk, the higher the premium. Historically, insurers of high-rise buildings would have only had to prepare for a loss caused by damage to just a few flats within a building. That is because the design and construction of that building, with the right materials and fire safety provisions in place, should have limited the spread of fire and allowed the damage to be contained –or at least make this an extremely low risk. Now we know that many buildings have been designed, built and signed off in a regulatory system that an independent Government review has found was not fit for purpose. Premiums will reduce overtime but will be dependent upon the perceived level of risk reducing as the regulatory regime, BSA and BSR become more established.

Last updated on 13th October, 2022