8-2-22 As seen in the Rochester Business Journal - Data security is next frontier as more employers embrace remote work

Posted on August 02, 2022

Data security is next frontier as more employers embrace remote work

Work from home policies should address data protection

By: Special to the RBJ Caurie Putnam August 1, 2022

Two and a half years out from the wide-spread arrival of the COVID-19 pandemic in the United States, working from home has become much more of a choice for workers and jobseekers, rather than an emergency measure.

According to the Pew Research Center, as of February 2022, 59% of American workers whose jobs could be performed at home were continuing to work from home. That number had peaked at 71% in October 2020 but was still up substantially from 23% who say they worked remotely frequently before the coronavirus outbreak.

LaRocca

“Working from home is something that continues to expand,” said Lorisa D. LaRocca, partner and chairperson of the labor and employment department at Woods Oviatt Gilman LLP. “I don’t see remote work tapering off, certainly not with my own clients. More and more people in the workforce are saying flexibility and the ability to work remotely is a pre-requisite for them.”

With remote work here to stay in many industries, the Rochester Business Journal talked to LaRocca and attorneys from other local firms to find out what employers need to be doing to address productivity and data privacy concerns they may have that go along with this terrain.

Skepticism of work from home has changed

Luke P. Wright, partner with Harter Secrest & Emery, LLP who specializes in labor and employment prefers to work out of his firm’s building at Bausch & Lomb Place in Rochester. He admits he was a bit skeptical about how remote work for the masses would go.

“One of the fears about at-home work pre-pandemic was that most employees would not be productive,” Wright said. “This largely turned out to be wrong and the skepticism of work from home has been pushed back broadly. I was one of the people who was skeptical, but my view has changed.”

Statistics back Wright up. A study by Stanford researchers of 16,000 at-home workers over 9 months showed that working from home increased productivity by 13% when compared to company data from previous years. The increase in productivity was attributed in part to a quieter and more convenient working environment.

Additionally, Stanford researchers found employee attrition decreased by 50 percent among the telecommuters and that telecommuters had fewer sick days and took shorter breaks and less time off than their non-telecommuter counterparts.

Still, many employers want their own real-time data on the productivity of their own remote workers. That data-seeking varies greatly from employer to employer and attorneys in this article gave examples of unnamed clients who utilize all levels of productivity monitoring.

These examples run the gamut from fairly minimal monitoring, like a supervisor checking in randomly with a call or email, to more moderate, like requiring employees to return emails in a certain amount of time. There are also companies that use more intense measures, like a high-tech system that randomly takes photos of their employees sitting (or not sitting) in front of their computers.

“Some employers are not interested in monitoring the minute-by-minute activities of their employees and take a more organic approach,” LaRocca said. “Others say, ‘I trust my employees, but I still want to be able to check in on them from time to time,’ and others use more extreme methods of monitoring.”

Regardless of what methods they use, employers in New York state are now required to let their employees know, regardless of whether they are working on-site or off-site, if they are being electrotonically monitored while using company owned devices or systems.

This new law took effect on May 2, 2022 and applies to all businesses except for the State of New York and all governmental subdivisions. Employers must give new hires a heads up that they will be monitoring and post this information for current employees. Failure to do so carries penalties from the New York State Attorney General’s Office.

Time to look at data protection

“When work from home first became a thing most employers were focused on productivity,” said F. Paul Greene, a partner with Harter Secrest & Emery and chair of the firm’s privacy and data security practice group.

“Now it’s time to look at data protection. The data of others is what companies should worry about.”

Protecting data is a major concern for employers with a remote workforce and rightfully so. When employees are not working from a centralized location there is a dispersion of data and devices that must be regulated – something as seemingly innocuous as using a company laptop on an unsecured Wi-Fi network at the coffee shop by your house can have disastrous consequences.

The 2019 State of Cybersecurity for Remote Work study from OpenVPN revealed that 90% of IT professionals surveyed believe remote workers pose a security risk for their employers and more than half said remote employees are a greater security risk than onsite employees. Still, 92% of these IT professionals believe that the benefits of remote work outweigh the risks.

“Privacy and protecting information is not merely a best practice anymore, it’s mandatory,” said Paul F. Keneally, a partner at Underberg & Kessler LLC who specializes in labor and employment. “It’s really important companies spend the time and the money to make sure their systems are private and that the home worker’s devices are as equally protected as if they were at their desk.”

Some of the things Keneally recommends to his clients are multi-factor authentication for devices, a password management system like 1Password, and cyber insurance for those worst-case scenarios.

“I think the ship has sailed on whether or not you need cyber insurance,” Keneally said. “You need it. Every business needs it. It’s just part of the cost of doing business in 2022.”

Greene recommends that all companies ensure their work-from-home policies address data protection and are harmonized with their other data protection policies.

When work from home increased during the pandemic many companies’ policies around remote work looked more at logistical and productivity issues, Greene explained, like time expectations and monitoring practices. Now it’s critical that companies re-visit their work-from-home policies to make sure the data protection piece is not only included but robust.

Caurie Putnam is a Rochester-area freelance writer.

Lorisa D. LaRocca