PI and Working From Home — Don’t Betray Your Customers’ Trust
By now, you know the drill; The alarm goes off, you get out of bed, pull on some sweats, and head to your “office”—you know, right there at your kitchen table.
We are living through interesting times, to say the least. In the age of COVID-19, it’s safer to sit on your couch than venture outside. It’s socially responsible to avoid friends. And as we all know so well, if you are lucky enough to have a job that can be done remotely, well then, that’s what you’re doing.
Working From Home and Data Privacy
Lots and lots of ink has been spilled regarding the benefits of working at home; it’s better for employees’ overall wellbeing, it helps reduce traffic and air pollution, and more. We have also all heard about the security challenges posed by working at home; the vulnerable nature of VPNs, the thousands of new endpoint devices added, the threats of insecure network connections, etc. But not much has been said about the issue of data privacy challenges created when working from home.
Data privacy focuses on how customer personal information (PI) is shared with third parties, how it is stored, and how it complies with regulations such as CCPA and GDPR. At first glance, it might seem that working from home shouldn’t have any impact on whether a company adheres to data privacy laws and best practices or not. Moreover, in the mad dash to get employees up and running outside the office to stop the spread of COVID-19, compliance concerns seem to pale in importance.
PI and PJs—What Happens to Personal Information WFH
So just how does working from home impact data privacy and PI?
To understand, let’s take a step back for a moment; what is the overall point of data privacy regulations? Regardless of which regulations we’re talking about, their goal is to compel organizations to act responsibly with the personal information in their possession. In our data-driven world, personal information is incredibly valuable; companies build marketing campaigns around it, sell it to third parties and, on occasion, let it fall into the wrong hands.
Imagine you give your kid your favorite coffee mug; “I’m giving this to you on the condition that you keep it safe. Don’t lose it, don’t lend it to someone else without my permission, don’t leave it around carelessly.” When you find your mug strewn aside, half-filled with two-day-old coffee, you have every right to feel betrayed—and you may reconsider lending it out in the future. The goal of data privacy regulations are to ensure companies cannot mishandle, lose track of, or improperly use and/or share customer PI.
In ideal circumstances, work-from-home programs are established with a great deal of forethought and planning. From the big things, such as implementing a robust remote access solution, to the little details, like setting employees up with lunch delivery services, companies spend months working out all the details. These programs are designed to create as close to an in-office experience as possible, with WFH employees using the same tools and solutions as their in-office counterparts.
Not so in today’s circumstances. People are now working from home with subpar deployments, using home-grade routers. What’s worse, patches—which are always a sore topic for basically everyone—are difficult, if not impossible, for IT/security teams to deploy remotely, which means that machines may go unpatched for long stretches of time. They are likely using their own devices which may, or may not, have adequate security measures in place and they might also use unsanctioned tools, such as Google Drive or Dropbox. And chances are, there’s a kid or two peering over their shoulder—or sitting on their head.
Discovering Everything, Staying Compliant Anywhere
The obvious problem is the security one, which tends to get all the attention. But if you want to stay on the right side of CCPA, GDPR, and the like, and in the good graces of your customers, partners, and employees, you should be thinking about the privacy side of things as well. The typical data protection strategy is tailored to workplace perimeters. It works in accordance with the tools and technology you have within your traditional pre-WFH workplace walls. It was not meant to be used with unsanctioned tools which do not provide any insight into where customer data may be. And so, when customer PI is taken out of the intended network—or was never there, to begin with—it’s much more difficult to protect that data and remain compliant.
So now what? Working from home is apparently here to stay, at least for a few months. Companies need to find a way to discover and catalog the data created while we ride this thing out. With 1touch’s network analytics-first approach, you can automatically discover, analyze, and inventorize all PI—data in motion or at rest, in structured or unstructured formats, in known and unknown locations—granting you total visibility across your organization, regardless of where you work.
There are many things that are beyond control in the age of COVID-19. But you can regain control of your customer PI, even when your team is working from home. Not only will it ensure you comply with regulations, but it also shows your customers you really do value the trust they have placed in you—even in less-than-ideal circumstances.