While COVID-19 might not have been mastered, many organizations are already planning their return to the workplace. While this is the hoped-for outcome, a prolonged remote work period means that it’s critical to go into this phase with a strategy in hand, particularly when it comes to the role and responsibility of the Chief Privacy Officer.
Privacy in the Return to the Workplace – What to Consider
You must consider several changes and factors that will affect privacy and the return to the workplace.
These include the following:
- There is an increased risk to privacy due to employees working remotely and accessing/sharing information incorrectly.
- It is hard to enforce privacy compliance in a remote-work scenario through training.
- Increased monitoring of remote workers brings with it risks to employee privacy.
- Vendors going remote increases privacy concerns across the board.
- As employees return to the workplace, new forms of data collection/tracking pose privacy risks.
- Privacy risk reporting changes due to workforce evolution may be present.
- More and more authorities are weighing in with regulations related to protecting employee information (health tracking, activity monitoring, etc.).
- As cost-cutting increases and digital transformation accelerates, the CPO’s duties will increase.
What to Do to Mitigate the Situation
While the return to the workplace is complex, there are simple ways to mitigate the risks that arise.
- Ensure Security: Both during remote work and as employees begin transitioning back to the workplace, it is critical to collaborate with IT to ensure that devices and collaboration tools are available and that they address privacy needs.
- Training: Find new ways to deliver privacy-related training, including email and virtual courses to help employees understand privacy best practices.
- Prevent Phishing: Now more than ever, phishing is a threat to all organizations through employees at every level. Partner with IT to train employees about phishing and how to spot such attacks.
- Review Plans: Data breaches and privacy-related incidents require robust plans. Go over those plans and adjust as necessary to meet new needs and requirements, such as having a mixed onsite and remote workforce.
- Discuss Health Screening: As workers return to the office, health screenings may be necessary. These include things like temperature checks, location tracking, and contact tracing. Discuss these with business leaders, including their impact on employee privacy.
- Protect with Procedures: Work with HR and other departments to design and implement procedures that will be used during employee screening and monitoring as teams return to the office. Make sure there are procedures in place to deal with recruiting and onboarding, as well.
- Update Training: Make sure your employee privacy training is updated to include both in-office work and remote work as most organizations will have a mix for some time to come.
- Identify Unique Challenges: Does your organization face unique privacy-related challenges during the transition from remote work to in-office work, or in remaining remote? Identify these and create a strategy to deal with them.
As we enter this transitionary period, it is important to remember that everything will remain in flux. An agile mindset and a focus on protecting privacy both in the office and in remote work situations are vital.
You may also be interested in:
It’s Coming: Digital Workplaces Are the Future of the Legal Industry