Should I have a homeworking policy?
If organisations don’t have a formal home working policy, then they should set out, as soon as possible, in clear terms, what is expected of employees from a data protection perspective when working from home. These might include:
- If someone is using their own device for remote working, ensuring that any devices that hold work-related information have up-to-date anti-virus software and that broadband connections have properly configured firewalls
- Reminding staff to contact the organisation’s IT department if they encounter any issues with home working, and not to try and resolve any issues themselves
- Reminding staff that they should notify relevant individuals within the organisation if they consider that there might have been a personal data breach. A breach will still be notifiable even if it does occur at home during the pandemic. These should be logged by the organisation in their data breach log in the normal way
- Ensuring staff lock their devices whenever they are not using them
- Where possible, working in a separate part of the home to family members
- Ensuring confidentiality of information – advising staff not to have phone calls where others are likely to hear the conversation. This might mean moving to a different room, closing the door, or arranging a call for a more convenient time. If employees have smart speakers, you may want to consider advising them to either turn these off, if they are working in the same room as it, or work in a different room
- Wherever possible, avoid taking hard copy documents home, and, if papers are taken home, never placing those papers in a bin or using a home shredder – any such papers should be shredded back at the office in the usual way
- Locking any papers in a safe place
- Not using social media platforms (unless already used and permitted by the organisation) to discuss work matters
- Advising extra caution with incoming emails as at times such as this there may be an increased risk of fraud, email hacking, spear phishing etc.
- Avoiding information being sent to personal email accounts (for example, so it can then be printed at home)
- Reminding staff of your organisation’s Information Security policies, procedures and protocols. These could be emailed to all staff working from home or they could be directed to such documents on the organisation’s intranet, for example
Organisations should also ensure that their remote access systems can cope with increased demand.
Whilst the ICO appreciates the unprecedented nature of this pandemic, it does not mean that organisations can forget about their obligations as controllers of personal data. If a major data security breach were to happen, there is still the possibility of enforcement action where the organisation didn’t put in place good risk mitigation measures.
We have a specialist team of data protection lawyers here at Ward Hadaway, and would be happy to discuss any data protection concerns or issues that you might have.
Related FAQs
The Home Office has not stated when it will end these temporary measures, albeit it has stated that it will provide a warning. Where employers have carried out checks using the temporary measures, the Home Office has confirmed that it will require employers to carry out retrospective checks on any of the following:
- Employees who started working for you when the temporary measures were in place
- Employees who required a follow up check during the temporary measures (for example because their previous leave was coming to an end).
It is not explicit from the guidance but these retrospective checks must require you to have in your possession the physical ID in its original form. When carrying out the retrospective check, employers must record this using the following wording “the individual’s contract commenced on [insert date]. The prescribed right to work check was undertaken on [insert date] due to Covid-19.”
These further checks must be made within eight weeks of the temporary measures ending, and employers must keep records of both checks undertaken. Where the employer discovers that the employee does not have the right to work during the retrospective check they should stop employing them.
The first point to note is that it is the position as at 14 February 2022 which is relevant, as whether or not a lease is a ‘qualifying lease’ for the purposes of recovering costs under the Building Safety Act was effectively frozen at that time.
If a leaseholder owned more than three properties in the UK (and the property in question was not their principal home) at that time, then the lease will not be a qualifying lease. The protections under the Act which prevent or restrict the landlord’s ability to recover the cost of remedial works through the service charge will not therefore apply to that lease (save potentially for the provision that costs cannot be recovered where the landlord is responsible for the defects, which does not expressly refer to qualifying leases).
The lack of a searchable database to assess how many properties a leaseholder has in the UK is however one of the difficulties to be resolved in this regard, as there is currently no way of searching the Land Registry to obtain a list of properties owned by one individual. The guidance appears to rely on the leaseholder completing the leaseholder deed of certificate being open and honest in this regard, and that deed of certificate being passed onto subsequent owners. Making false representations or failing to disclose required information in the deed of certificate may be a criminal offence, although reliance on this to discourage mis-reporting is clearly less satisfactory than having a searchable register.
With the outbreak of coronavirus leading to a requirement for more employees to be working remotely, especially following Government advice that all non-essential travel including to and from work should be avoided, there has been an increased requirement for businesses to be more flexible in their approach to signing contracts.
The traditional approach has been for contracts to be printed and signed with a “wet ink” signature. However, this is not a strict legal requirement in the majority of circumstances and contracts can be formed without this degree of formality. English law recognises that contracts can be formed by electronic means – including the exchange of emails or the typing of a name into a document to signify agreement to it.
Whilst this approach offers a lot of flexibility, more sophisticated electronic signature tools are recommended for important documents, to enable the identity of the signatory to be validated and reduce the possibility of fraud.
If businesses are considering changing their contracting processes because of coronavirus, or because of a general shift towards paperless working, it is important to ensure that proper approval processes remain in place, and to consider whether a software tool should be used to complement them. Systems such as DocuSign are widely used.
There also remain some situations where legal advice is recommended before relying on an electronic signature:
- Where the other party is abroad – as local laws that are different from English law might apply
- If executing a deed – the law requires certain types of document to be executed as a deed (for example, transfers of land and powers of attorney), and the issues around electronic signature and witnessing are more complicated here
In our latest “in conversation” webinar we discussed the outlook for the corporate transaction market. Whilst it would be a brave person to predict the future of anything at the moment given current circumstances, we were joined by two organisations who are very well placed to provide their views.
John Laud, Head of Corporate Banking for North and West Yorkshire for Barclays, his colleague Stephen Loureda from their Credit Analysis Team, and Jill Williams, Investment Director of Mercia Asset Management’s Growth Fund, were in conversation with Ward Hadaway corporate partners Adrian Ballam and Jonathan Pollard to share their thoughts about how the ‘new normal’ for the transactions market may look:
- With supply chain and forecast prediction challenges, how will banks and investors determine what represents a sound opportunity?
- How will distressed and opportunistic acquisition opportunities be funded, and what is investor appetite for such opportunities?
- How have seller and buyer pricing expectations been impacted as a result of the pandemic?
- How are funders reacting, and how should ambitious businesses respond to the very low, or even negative, interest rates?
We expect this video to be of real value to those businesses whose plans of buying, selling or investment may have been impacted by the current economic crisis, but who are looking at opportunities to determine how they may shape their futures – #gettingbacktobusiness.
£370 million will be available to support small and medium-sized charities who are at the heart of local communities and which are making a big difference during the outbreak, including those delivering food, essential medicines and providing financial advice. These monies will be distributed by organisations including the National Lottery Community Fund for those in England. It is understood these monies will need to be applied for. The application system for the National Lottery Community Fund grant pot is expected to be operational within a period of weeks.