Blog

7 April 2020

Maintaining data protection whilst remote working

Image

Coronavirus has significantly changed where we work. But the question is, has it changed how we work?

Working from home presents some interesting challenges when processing payrolls that used to involve paper timesheets mailed into the office or spreadsheets downloaded from a central repository. There aren’t many businesses that still use paper to record hours worked as most now use a mobile app or other digital solution for their frontline workers. However, there may still be some who do. In this uncertain time, it’s critical that carers and other key workers can continue to work and get paid.

So, if paper is still your method of recording hours worked, how should this be dealt with in these changing times? Realistically it shouldn’t be sent to an individual’s home but to a central office location. However, this isn’t so easy if the whole workforce is working remotely.

If it needs to be processed by a remote worker, paper should be scanned and sent electronically. This helps to reduce the risk of it being available to other people who don’t need to see the information and makes sure that it is securely filed and disposed of. The biggest concern for employees is trying to reduce the risk of paper, to ensure that sensitive data does not fall into the wrong hands.

For payroll managers and administrators, there are a number of things that need to be considered when processing a payroll away from the office.

1. Whose IT kit is being used?

Many HR systems allow for remote access via the internet, so the use of personal equipment is a definite option where businesses need people to work from home, however what about the other information that is needed to update the amounts to be paid?  This could be on a spreadsheet accessed from office 365 which when downloaded could then be available to others in the family. This would be a data breach if they then accessed it. Personal equipment may not have the level of anti-virus installed or may already be infected with malware.  The use of company issued equipment is always a better option.

2. How is data transferred into the HR system?

Is it possible for the timesheet information to be viewed on a separate screen as it may be in the office or is it printed and then the data keyed in?  If printed, then another potential scenario arises for a data breach as we are back to the issue of paper. Another consideration in relation to the data transfer is whether people are working off a single screen. Few people have A3 or larger monitors at home and very few have multiple monitors if they don’t work from home that often. The scope for error increases where people are transferring information by trying to remember what was on one system in order to transfer it to another.

3. Who else is in the room?

Many people are balancing care and support with remote working as well as sharing the space with other members of the household, who are not always family. Children are a distraction and can mean that we are not as diligent in locking the screen, allowing others to view personal information or press the send key before it should be.  As payroll administrators, there is a duty of confidentiality to fellow workers but that is not the case for other people in the house. It is therefore important to remind employees that when working on personal data, other household members should  not be in a position to view the screen. Reducing the time it takes for your computer to lock can help with this.

Coronavirus has forced us to change where we work, but it may also provide the best opportunity for us to review our working practices.  We can benefit from finding more effective ways to collect and use the data we process for payroll and increase the automation and integration of processing timesheets into the payroll system.

Key Takeaways

  • Wherever possible, use company issued equipment and reduce the time it takes for your screen to lock.
  • Provide a similar level of equipment where possible to reduce the risk of error.
  • Remove paper from the process as far as possible to reduce the potential of it being filed or disposed of incorrectly.
  • Provide some clear advice about where to set up a remote workstation to increase privacy.

Blog tags

Lesley Holmes

Lesley is an experienced Data Protection Officer (DPO) and former Senior Information Management and Governance Consultant with a sustained record of delivering success in Information governance (IG) and front line services, Lesley is extremely experienced in data protection law.

Back to blog listing