It has become very common for Hong Kong employers to adopt work from home arrangements (WFH) in response to COVID-19. In view of this, the Privacy Commissioner for Personal Data has issued guidance notes on protecting personal data under WFH arrangements. Both employer and employee should be careful of security and protection of personal data privacy. In particular, employers should take all steps to ensure data security, such as when information is used to facilitate WFH arrangements and when data is transferred to employees. Employers should also assess the risks on data security and employees’ data privacy; and formulate new policies, or review and update (if necessary) existing policies, on data transfer and remote access to corporate networks and data. Under WFH arrangement, employers may also provide electronic devices and Virtual Private Network (VPN) access to employees. Employers in such instance should ensure that the system is regularly updated, all work-related information are encrypted, and strong access controls have been set. Employers should also provide sufficient training and support to employees on data security. From employees’ perspective, they shall adhere to employers’ policies on data handling, avoid working in public places and using public Wi-Fi. For electronic communication, employees should avoid using personal email accounts for work purposes and transferring paper documents out of office, especially those containing personal data or restricted information.
Under WFH arrangement, it is important to make sure that:
1. Both employer and employee should be cautious about data security under WFH arrangement.
2. Employers should set out new or review and update current policies and provide appropriate staff training on data security.
3. Employees should adhere to policies set by employers and be cautious when working in public, using corporate devices and making electronic communication.
Please click here to watch the video.