In relation to work-from-home (WFH) arrangements, the Office of the Privacy Commissioner for Personal Data, Hong Kong, (PCPD) today (30 November) issued three Guidance Notes under the series “Protecting Personal Data under Work-from-Home Arrangements” to provide practical advice to (1) organisations; (2) employees; and (3) users of video conferencing software to enhance data security and the protection of personal data privacy.
The Privacy Commissioner for Personal Data, Hong Kong, Ms Ada CHUNG Lai-ling, said, “As WFH arrangements may have become a new normal for many people, I call on employers, employees as well as users of video conferencing software, including teachers and students, to step up their guard against the new risks posed to data security and personal data privacy as a result of WFH arrangements.”
In particular, the PCPD recommends that organisations should:
- set out clear policies on the handling of data (including personal data) during WFH arrangements;
- take all reasonably practicable steps to ensure the security of data, in particular when information and communications technology is used to facilitate WFH arrangements, or when data and documents are transferred to employees to work from home;
- provide sufficient training and support to their employees under WFH arrangements to ensure data security; and
- ensure the security of the data stored in the electronic devices provided to employees.
The PCPD recommends that employees should:
- adhere to their employers’ policies on the handling of data;
- use only corporate electronic devices for work as far as practicable;
- enhance the security of Wi-Fi connections and electronic communications (including emails and instant messages);
- avoid working in public places to prevent accidental disclosure of personal data or restricted information to third parties; and
- ensure proper handling of data when it is necessary to take paper documents out of office premises.
On the use of video conferencing software, the PCPD recommends that users should:
- review and assess the policies and measures on the security and protection of personal data privacy of different video conferencing software in order to choose the ones that meet their needs;
- safeguard their user accounts by setting up strong passwords, changing the passwords regularly, and activating multi-factor authentication; and
- verify the identities of the participants of video conferences to prevent unauthorised access.
Protecting Personal Data under Work-from-home Arrangements: Guidance for Organisations
gn_wfh_employersProtecting Personal Data under Work-from-home Arrangements: Guidance for Employees
gn_wfh_employees (1)Protecting Personal Data under Work-from-home Arrangements: Guidance on the Use of Video Conferencing Software
gn_wfh_video (1)SOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DI HONG KONG – PDPC