As Australia steps into our new ‘COVID-normal’, many Australian workplaces are implementing flexible arrangements that combine both remote work and time in the office. This means that employees are physically moving between secure offices and their homes (which in many cases are not so secure), and with this we are seeing the emergence of a completely new range of privacy risks and potential privacy breaches.
For example, a privacy breach may occur where employees are:
- working on confidential matters in public spaces, such as cafes and libraries;
- sharing the devices that they use to work remotely with other members of their household;
- moving physical files containing personal information to and from the office, including on public transport; or
- taking phone calls in which they are disclosing personal information within earshot of others.
In this changed working environment, it is as important as ever that organisations prioritise the physical protection of the personal information that they hold and that their employees handle, both in the office and at home.
In order to physically protect personal information, organisations should:
- Ensure that personal information can only be accessed by those staff necessary to enable the organisation to conduct its business. By lowering the number of people who have access to personal information, organisations can, in turn, lower the risk of a privacy breach. They can more easily monitor, access and identify potential instances of misuse.
- Adopt a secure remote desktop client (or other secure method) through which staff can access the organisation’s network, data and systems. This will mean that employees can access the data that they need to complete their daily tasks without having to store any company data on their personal devices.
- Consider instructing employees that they cannot carry out certain tasks at home. For example, it may be appropriate to instruct staff that any documents containing personal information must not be disposed of at home, and must instead be returned to the office for secure destruction.
- Educate and provide clear guidance to employees in relation to required physical security measures. Employees will likely have an understanding that privacy is important, but may not know how to go about protecting the personal and private information that they handle on behalf of the organisation. Organisations should ensure that their employees receive updated training on appropriate privacy practices that relate to their particular working arrangements.
For more information on physically protecting personal information, head to https://www.oaic.gov.au/ or speak with our Commercial team.