Date:30 November 2020
PCPD Issues Three Practical Guidance Notes Relating to Work-from-Home Arrangements for Organisations, Employees and Users of Video Conferencing Software to Enhance Data Security and Protection of Personal Data Privacy
In relation to work-from-home (WFH) arrangements, the Office of the Privacy Commissioner for Personal Data, Hong Kong, (PCPD) today (30 November) issued three Guidance Notes under the series “Protecting Personal Data under Work-from-Home Arrangements” to provide practical advice to (1) organisations; (2) employees; and (3) users of video conferencing software to enhance data security and the protection of personal data privacy.
The Privacy Commissioner for Personal Data, Hong Kong, Ms Ada CHUNG Lai-ling, said, “As WFH arrangements may have become a new normal for many people, I call on employers, employees as well as users of video conferencing software, including teachers and students, to step up their guard against the new risks posed to data security and personal data privacy as a result of WFH arrangements.”
In particular, the PCPD recommends that organisations should:
-
set out clear policies on the handling of data (including personal data) during WFH arrangements;
-
take all reasonably practicable steps to ensure the security of data, in particular when information and communications technology is used to facilitate WFH arrangements, or when data and documents are transferred to employees to work from home;
-
provide sufficient training and support to their employees under WFH arrangements to ensure data security; and
-
ensure the security of the data stored in the electronic devices provided to employees.
The PCPD recommends that employees should:
-
adhere to their employers’ policies on the handling of data;
-
use only corporate electronic devices for work as far as practicable;
-
enhance the security of Wi-Fi connections and electronic communications (including emails and instant messages);
-
avoid working in public places to prevent accidental disclosure of personal data or restricted information to third parties; and
-
ensure proper handling of data when it is necessary to take paper documents out of office premises.
On the use of video conferencing software, the PCPD recommends that users should:
-
review and assess the policies and measures on the security and protection of personal data privacy of different video conferencing software in order to choose the ones that meet their needs;
-
safeguard their user accounts by setting up strong passwords, changing the passwords regularly, and activating multi-factor authentication; and
-
verify the identities of the participants of video conferences to prevent unauthorised access.
For details of the practical advice, please refer to the three Guidance Notes at Annex. The Guidance Notes can also be downloaded at the PCPD’s website: www.pcpd.org.hk.
Protecting Personal Data under Work-from-home Arrangements: Guidance for Organisations
Protecting Personal Data under Work-from-home Arrangements: Guidance for Employees
Protecting Personal Data under Work-from-home Arrangements: Guidance on the Use of Video Conferencing Software