In this ten-post series, we have been talking about actions companies can take to better protect valuable trade secrets and other critical business information. We are now on action number six. In this post, we’re leaving the workplace behind to talk about the home office.
As technology advances, more employees are telecommuting – either full-time or sporadically. To do their work remotely, employees often need to be able to access and work on sensitive company information from their home office equipment. Employees may also need to store confidential information in both paper and electronic format in a home office or on personal computers. As a result of this, companies can lose control over protective measures that help limit improper access, storage and dissemination of critical and sensitive information by employees.
Additionally, when employees are in the office, they have very little expectation of privacy with regard to conduct engaged in on company systems, or in their office spaces. However, employees do have a reasonable expectation of privacy in their homes. As a result, if employees store information at home, those employees can make it very difficult for an employer to collect confidential information in the employee’s possession after the employment relationship ends.
So, what can organizations do to protect themselves? The first step should be to look at your existing policies – acceptable use, confidentiality, and electronic monitoring policies – to ensure that they extend to telecommuters. If they don’t – revise them. You could also look at developing a separate telecommuting policy – to cover both those employees who telecommute full-time and those that work remotely from time to time.
The second step should be to have every full-time telecommuter sign a telecommuting agreement. In general, the ability to work from home is a benefit to the employee so outlining responsibilities of the employee when working remotely is reasonable and necessary. The telecommuting agreement will also help you outline expectations of the employee – including the actions you expect the employee to take to protect sensitive and confidential information. It should also outline whether the organization is going to provide the electronic resources necessary for the employee to work remotely (laptops, printers, internet access, etc.), or whether the employee is expected to use his/her own equipment.
As a third step, companies should look at security. If the employee uses his/her own equipment, you will also want to ensure that the network security policies and procedures extend to home computers and laptops which connect to your systems. These network security features may include firewalls, anti-virus protection, secure networks, file encryption, secure remote connections, authentications, and passwords. Companies may also consider requiring remote employees keep locked files and file cabinets and prohibit access to the working area by non-employees, including others who reside in the employee’s home.
As a final step, companies should consider how to retrieve property and files during and after employment, and gain the employee’s consent, in writing, for the employer to have the right to monitor and enter the home work area.
Are your “out of sight” employees also out of mind? If so, consider reviewing the recommended steps above. As always, if unsure about the legal implications – consult your employment attorney!