Work from home: Ensuring data security a challenging task for businesses

As work at home (WFH) becomes the new norm – at least for the next few weeks – companies are rushing to put in place more structured WFH policies, say labor law experts.

While business continuity is the main concern for most companies, what makes the problem worse is the need to keep customer data secure even in a WFH scenario.

“Businesses must quickly realize that when they authorize homework, including critical work, they become intermediaries under the Information Technology Act of 2000. Therefore, they are required to comply with due diligence and other cyber cyber law, Indian rules and regulations, ”said Pavan Duggal, cyber law expert.

India has no data protection law or specific cybersecurity law. In addition, there is no specialized privacy law. Experts say this complicates the scenario for businesses as they continue to be responsible for the breach of customer data even when employees work outside the home.

While some employers – mainly in the technology field – already had WFH policies, others had telework agreements. For the majority of companies, the WFH was rather an informal agreement on a case-by-case basis, experts say.

“Employers have started to review their policies and formalize their practices,” said Vikram Shroff, HR law officer at Nishith Desai Associates. Atul Gupta, partner of Trilegal, underlines that the provisions relating to the confidentiality of data would apply even if a person works at home. “Employers would be advised to remind employees and educate them on best practices to ensure data security.”

Shroff says that an employer could take legal action for breach of the employment contract and WFH policy / telework agreements.

Take the example of the $ 190 billion tech industry in India, which employs 4 million people and is involved in several critical operations for global customers. The transition of most of its staff to homework required several regulatory approvals from various departments, with the exception of client consent.

“The companies have asked their customers for permission to work from home and have set up internal crack teams to deal with security and privacy concerns,” said a note prepared by Nasscom. The tech industry is still working on some start-up regulatory issues with the government, the industry lobby group said.

Experts believe that companies considering this transition should immediately develop detailed WFH policies, post them on their websites, and obtain the electronic consent of regular employees. Only employees who agree with these policies should be allowed to work from home, experts say.

“The company must first ensure that it has virtual private networks and cloud solutions so that basic security is ensured even in a WFM environment,” explains G V Anand Bhushan, partner at Shardul Amarchand Mangaldas & Co.

All security protocols that are normally in place regarding not sharing passwords, destroying printed documents, creating backups and using unsecured networks must be strictly maintained, he added.

“Companies need to do a lot more capacity building for their employees while working from home in these transitional times,” says Duggal.


Leave a Comment