The French National Commission for Data Protection (“CNIL”) has published recommendations to ensure data protection while employees are working from home.
For almost one month, working from home has become the privileged form of work whenever the employee’s duties allow it. More than ever, it is key for employers and employees to be cautious and protect their data, especially if employee is using his personal IT tools. In this context, the French data protection authority (CNIL) provides the following recommendations to secure this unprecedented situation:
Follow the employer’s instructions
First, the CNIL encourages employers to draft an IT policy or a minimum set of rules defining terms and conditions of the use of the company’s network or IT equipment during the containment period.
This document must then be communicated to employees in accordance with the company’s policies.
On this basis, employees are invited to follow these instructions and separate professional from personal uses of the company’s equipment.
Secure internet connection and computers
To work from home safely, employees must ensure that their internet connexion is sufficiently secure to protect the company’s data. To do so, the CNIL notably recommends employees to verify their Internet box’s settings and, as the case may be, reinforce it.
Furthermore, when the company provides employees with an IT equipment, the CNIL highly recommends the use of a VPN (“Virtual Private Network”) creating a virtual extension of the company’s network to the employee’s remote station. Thanks to the VPN, the employee will benefit from a secured access to the company’s network while he is working from home.
Finally, if the employee must use its personal computer to work from home, he must above all ensure that its computer is sufficiently secure to process and store the company’s data. Notably, the employee must install an antivirus and a firewall system and use a personal account with a strong password that no one else will have access to.
Communications between employees must be secured to avoid the transmission of confidential data through services for the general public providing for messaging, files storage and sharing,
According to the CNIL, the use of applications authorized by the company is highly recommended to protect professional data and the employee’s private life.
As indicated by the CNIL, hackers generally take advantage of crisis or turmoil periods to invent new scams and profit from these events.
Thus, more than ever, employees must be vigilant if people they do not know try to share information or content with them, or if people they are used to communicate with share unusual information or content.
Finally, in case of doubt, the employee must refer to the company’s Data Protection Officer (DPO) or Information Systems Security Manager.
To find out more about the protection of workers' personal data in times of health crisis, please read our article : "Employeur, Covid-19 et gestion de crise : urgence ne doit pas rimer avec precipitation".
Report: impacts of Covid-19 (Coronavirus)
Our law firm offers you its legal assistance to address all the impacts of Covid-19 (Coronavirus) on your business. Read our dedicated report below.
For more information on our law firm:
Our law firm is a leading international business law firm. Its deep roots, unique positioning and highly recognised expertise enables it to deliver innovative, high value-added solutions in all areas of the law.