Tips for improving data privacy, security in remote work era

Employees have been working remotely (i.e., any place with an Internet connection) since at least the mid-2000s. The COVID-19 outbreak, which started in 2020, forced employers to permit employees with certain types of jobs (usually white-collar) to work remotely on at least a part-time basis. IT departments were overwhelmed by the pressing need to set up remote access in a very short time. In some cases, the push may have overridden established data security processes and procedures. Presumably, the situation has improved since the pandemic’s early days, but you may still have questions about the extent of your legal obligations to secure data. Here are some best practices you can follow.

Security standards for employers

There’s no universally inclusive data security standard required by federal law. If your company isn’t the type of organization covered by a specific federal standard, you must look to state standards.

A number of states require organizations to take reasonable measures to protect against the unauthorized access to and acquisition, use, and disclosure of personal information. Maryland state law, for example, says:

A business that owns or licenses personal information of an individual residing in the State shall implement and maintain reasonable security procedures that are appropriate to the nature of the personal information owned or licensed and the nature of the business and its size and operations.