Safeguarding clients’ personal data security under Work-from-Home Arrangements
The Enquiry
An enquirer was concerned that companies had not implemented sufficient security measures to safeguard clients’ personal data during Work-from-Home Arrangements.
Our Response
Data Protection Principles (DPP) 4(1) of Schedule 1 to the Ordinance requires a data user to take all reasonably practicable steps to ensure that personal data held by it is protected against unauthorised or accidental access, processing, erasure, loss or use. Regardless of whether the staff member works in the office or works from home, organisations should adopt appropriate security measures to protect clients’ personal data.
The PCPD has issued “Protecting Personal Data under Work-from-Home Arrangements: Guidance for Organisations” and “Protecting Personal Data under Work-from-Home Arrangements: Guidance for Employees”, providing practical advice to organisations and their employees to enhance data security under Work-from-Home arrangements.
If the enquirer has concerns about the data security of the relevant organisation, he may contact the organisation directly to learn about its relevant policies.
(Uploaded in August 2024)