It has been reported that Dyson’s house manager of 20 years Lynette Flanders was made redundant last year. After Flanders launched an unfair dismissal claim against her former employer, Dyson has accused her of stealing secrets in the form of emails, recorded conversations and photographs.
We will have to wait and see if these claims turn out to have any truth behind them. In the meantime, however, this story could cause HR professionals’ ears to prick up. Not everyone reading this will be working at businesses with trade secrets as valuable as Dyson’s. But with the advent of GDPR all data is precious. And with more and more employees working from home, it does raise the question of how data is being stored at employees’ homes, and if they themselves employ anyone who might have access to this data.
It is notoriously tricky to monitor how an employee is treating valuable company data when they work from home. Of course safeguards can be put in place, such as providing encrypted laptops and clear procedures and policies around how sensitive data should be handled. But it can be extremely difficult to ensure an employee is vigilant at all times, or that someone else at home with them doesn’t spot a printed-out document or open laptop containing confidential information.
It is certainly prudent for HR practitioners to carry out risk assessments related to employees’ home working. These should look at who might reasonably have access to a home computer, how secure the home is and how data is transferred. As part of this risk assessment, HR professionals should assess who else, outside of the employee’s family, might be around regularly and this could include childminders, housekeepers, cleaners and gardeners. In more extreme situations where an employee has access to very sensitive or commercially valuable information at home, it might be worth considering a non-disclosure agreement (NDA).
Encouraging your staff to include an NDA when hiring a nanny or cleaner might sound extreme. But this can be extremely valuable and create an extra safety net to ensure data is secure. A well-written contract of employment can address these issues, and it’s a good idea to include a point in the working from home risk assessment and policy to factor this step in.
Similarly, this process should be included when looking at the workplace. In 2016 CNBC reported that the biggest threat companies face when it comes to data breaches is not hackers, but people inside the organisation. This theft can even be inadvertent; there have been horror stories of members of staff taking selfies in the workplace and unintentionally including confidential or sensitive data in the background of the photo. Once this is posted on social media it’s in the public domain and a serious breach.
As technology continues to evolve it is important HR policies keep up. With more employees working from home it’s vital that risk assessments are mindful of all the dangers present, and that protections such as NDAs are considered.
Keely Rushmore is partner in the employment team at SA Law
