Skip to main content

Insight article

April 6, 2020

Lockdown your data whilst remote working

Businesses processing personal data must keep the protection of customer and employee data at the front of continuity planning as they tackle the Coronavirus threat.

Staff are likely to be working remotely or in different circumstances, which could make customer and client details more vulnerable to data breaches, and cyber-criminals are ratcheting up their fraudulent scams. It is also worth bearing in mind that data relating to employee health will likely increase given the pandemic, and extra security measures must be given to this special category of personal data.

Businesses are implementing contingency planning, with staff working from home and using domestic internet and possibly personal devices to access cloud-based software and systems, making keeping data safe and secure more important than ever, as fines for data breaches will still apply.

Whilst it’s not quite “Stop all the clocks, cut off the telephone”, the Data Protection Act 2018 (DPA) does provide strict operating boundaries for businesses processing personally identifiable information about individuals with a statutory obligation to notify the regulator of any breach which places an individual’s personally identifiable information at risk. It also gives wide-ranging power to the UK’s data regulator, the Information Commissioner’s Office (ICO), which can impose high penalties for breaches.

Karen Cole, our Deputy Data Protection Leader and Employment Partner, explains:

“Tackling the threat of the Coronavirus is taking businesses into unchartered territory, and while data protection law doesn’t stand in the way of homeworking, or the use of personal devices, it demands even greater attention to security measures, as the ones that you use in the office will need to be tailored to suit these new circumstances.

The human element is often the reason for data breaches and without direct supervision and colleagues to consult, these may be more likely to happen. Certainly, there are reports of a steep rise in attempted cyber fraud, with many more phishing emails, malware and social engineering, where fraudsters dupe staff into revealing information or making money transfers.”

The other major threat to data security during the crisis is handling individual information about staff and visitors who have travelled to high-risk areas, symptoms, test results and when self-isolation has taken place. This is personal data protected by the DPA, but where it concerns health, it may be special category data under the DPA, which requires special security measures.

Such information should be collected and used only as absolutely necessary in managing risk and should not be retained unless essential, such as for an insurance claim.

Karen added:

“Ideally the management and sharing of information is set out in a policy so you know who to tell and what information is shared with whom. So, for example, the ICO has said that it is ok to inform other staff if someone tests positive, or is suspected of having contracted the virus, so as to protect the health and safety of all, but to avoid naming those individuals.

Organisations will be struggling to keep pace in this fast-changing environment, it’s important to make sure you don’t drop the ball when it comes to personal data. If you end up with a breach and compromised data when you come out the other end it will be a serious issue. The ICO has the power to impose fines of up to €20m or 4% of total worldwide turnover and the damage to corporate reputation can be immense.”

While the ICO say they will be pragmatic about matters such as speed of response to information requests during the crisis, there is no suggestion that they will accept reduced data security standards.

Give yourself peace of mind. Call Karen Cole today.

Note: This is not legal advice; it provides information of general interest about current legal issues.

Stay in touch

Subscribe to our newsletter

Stay in touch

By completing your details and submitting this form you confirm you are happy for us to send you marketing communications and that you agree to our Website Privacy Policy and Legal Notice and to us using Mailchimp to process your data.


Sending

News/Insight

  • Buying a commercial unit: what you need to know
    Buying a commercial unit can be a valuable step for your business, but it comes with legal, tax, planning and property risks. Brinda Granthrai explains what buyers should consider before committing.


    Read more
  • Pension and inheritance tax changes from April 2027: why now is the time to review your will and estate plan
    From 6 April 2027, most unused pension funds and pension death benefits are expected to be included in a person’s estate for inheritance tax purposes. This article explains what the changes could mean for families, pension nominations, wills, chari


    Read more
  • What happens when company owners disagree? The key to keeping private companies running smoothly
    Director and shareholder disagreements can quickly disrupt a business if they are not addressed early. This article explains what disputes can mean for a private company, how they can be avoided, and how legal advice can help protect stability and su


    Read more
  • SMEs urged to review risks as liability rules expand
    New criminal liability rules taking effect on 29 June 2026 will make it easier to prosecute businesses of any size where senior managers commit offences while acting on the organisation’s behalf.


    Read more
  • AI-written grievances add new pressure for employers
    AI is making it easier for employees to produce detailed, formal-looking grievances that refer to legal concepts and workplace rights. For employers, the key is to look beyond the language, identify the core concern and follow a fair, consistent grie


    Read more

What they say...

  • Client, July 2026
    Pragmatic, but commercially astute support “Genuinely, we valued your pragmatic, but commercially astute support. It has helped us get this tricky deal over the line in a manner that we both feel supports our needs in a balanced way and gives L

  • Chey, July 2026
    Professional and speedy “I’m extremely happy with the service provided by RIAA Barker Gillette. They were very professional, dealt with my matter at speed and were very accommodating with my disability. I wouldn’t hesitate to use th

  • Client, June 2026
    Thank you “I had a call with Pippa that was not only factual and to the point but also reassuring and very helpful. Would highly recommend.”

  • Client, June 2026
    Trusts services “Very helpful service which solved our problem.”

  • Client, June 2026
    Probate Services “We used Patrice Lawrence to deal with our parents’ probate, and she handled the case promptly, professionally and with the respect due for a matter of this nature.”

Read more
Send this to a friend