Covid-19 And Telework: Data Protection Considerations
| Published date | 08 June 2020 |
| Author | Ms Laure Marolleau |
| Subject Matter | Privacy, Coronavirus (COVID-19), Data Protection, Reporting and Compliance, Operational Impacts and Strategy |
| Law Firm | Soulier Avocats |
The Covid-19 pandemic has prompted many companies to implement teleworking solutions. The implementation of this type of working method requires that rules be duly followed to guarantee the security of information systems and processed data.
The French Data Protection Authority (Commission Nationale de l'Informatique et des Libertés or "CNIL") has published recommendations to help secure personal data in this context.
The Covid-19 global health crisis required the implementation of lockdown measures and strict travel restrictions allowing only travels for essential reasons. Companies, associations, administrative authorities or communities that had the possibility to do so had no other choice but to implement telework in order to preserve at the very least the continuation of essential activities that this working method can allow.
Some were already prepared to cope with telework but assuredly not on such a massive scale and over such a long period. Others had to implement it urgently, perhaps even "remotely". In some cases, and because it has not been possible to deploy the necessary means, telework is even carried out from employees' personal equipment (within the framework of the Bring Your Own Device (BYOD) practice), the level of security of which cannot be assessed, let alone guaranteed. And the use of this equipment makes it more difficult to draw a clear line between private life and professional life.
At the same time, cybercrime has increased since the start of the COVID-19 pandemic as cybercriminals are seeking, like in any exceptional situation, to make the most of it.
Employers are responsible for the security of their company's personal data, including when stored on terminals over which they have no physical or legal control but that they have authorized to be used to access the company's IT resources.
The risks against which it is essential to take precautions range from a one-off attack that impacts the availability of the system or the integrity and confidentiality of the data, to the general compromise of the company's information system (intrusion, viruses, Trojan horses, etc.).
How to reduce such risks? This article outlines the best practices to be followed to set up and manage telework.
Securing the information system
Opening up a company's information system to the outside world can create serious security risks that could jeopardize the company, and even threaten its survival in case of a cyberattack. It is therefore essential for...
To continue reading
Request your trial