Posted In: Cybersecurity & Data Privacy
By Craig S. Horbus & Nicole M. Thorn on June 24, 2020
Do you have a remote work policy? That is the first question we ask when advising companies on getting back to work and working from home. The answer 90% of the time is, “no...” So how do we operate our companies with employees scattered? Even with many state’s lifting stay-at-home orders most companies will retain some level of their workforce in a remote environment. Businesses need to operate (even remotely) safely and securely and that starts with having proper policies in place to govern data security and network access.
Whether your company wants to maintain a flexible remote work environment (also known as telecommuting) or a more rigid one – the key is to spell it out in policy form. With reports indicating that as many as 16 million workers, nearly one-quarter of all knowledge workers, were working from home at the start of the stay-at-home orders and the reality that this number has likely increased since then – puts millions of workers in a remote state for businesses.
With many businesses playing catch up on remote work policies this is a great opportunity to consider your company’s existing remote work policy (if any) to avoid potential liability and even litigation related to COVID-19 claims which we expect in the near future and if nothing else, take this time to set clear expectations for your employees. This is always a best practice from a data security and compliance perspective.
A good telecommuting policy will be clear and descriptive, but also allow for some interpretation and flexibility so a separate policy for many different job positions can be avoided.
Draft a clear telecommuting policy that:
- defines employees' eligibility to telecommute;
- provides a specific procedure for requesting approval to telecommute;
- directs employees to the employer's reasonable accommodation procedures;
- explains the conditions of an authorized telecommuting arrangement;
- details employee responsibilities and expectations (such as work hours, timekeeping, accessibility, secure remote access procedures, and work expenses);
- sets out employer responsibilities (for example, technical support, equipment, and expense reimbursement);
- designates the employee's specific job duties, work area, and break times to avoid liability for injuries that are not work-related;
- reminds employees that they are expected to continue to comply with all other employer policies, including electronic communications policies and social media policies; and
- notes, if applicable, any limited permissions to telecommute such as only during governmental orders necessitating remote work (ie. the 2020 COVID-19 pandemic).
Like all policies, implementation and enforcement is key. Ensure that the policy is uniformly applied to all employees. Meet and review with managers and supervisors in advance to ensure their understanding of the policy. Consider a signed telecommuting agreement with employees to ensure their understanding of the company’s expectations. Meet with your IT department and ensure that your company’s infrastructure can handle the remote access and support and that your employees have the tools they need to be successful working from home. Meet with your HR team to ensure an understanding of Americans with Disabilities Act (ADA) implications, as well as tax, benefits and payroll laws such as the completion of the I-9 form. Hourly employees must understand their work schedule and adhere to that schedule to avoid Fair Labor Standard Act and overtime issues. A change in work location may also implicate local tax law deductions and other insurance-coverage details for your company.
Don’t let out of sight be out of mind. Remote work is still work. Most companies figured out by necessity how to continue to function and collaborate while working from home. Now, pause and make sure that functionality is properly governed by an appropriate policy. Ensure that your management team continues to engage with employees in a telecommuting arrangement on a routine basis. Continue to follow your HR policies with respect to reviews, documentation of performance issues, and other related productivity matters. The impacts of this latest pandemic will likely forever change the way we work. Companies that review such impacts and adapt have a better chance of minimizing their legal exposure in the future.
Brouse McDowell’s Cybersecurity and Data Privacy Practice Group includes lawyers with extensive experience in policy drafting and review including remote work policies, data security and protection policies, incident response plans, and general business and compliance policies. Additionally, Brouse has a team of Labor and Employment, Tax, and Insurance Recovery lawyers, all of whom can provide counsel regarding these overlapping issues. Contact us for more information.
This blog is intended to provide information generally and to identify general legal requirements. It is not intended as a form of, or as a substitute for legal advice. Such advice should always come from in-house or retained counsel. Moreover, if this Blog in any way seems to contradict advice of counsel, counsel's opinion should control over anything written herein. No attorney client relationship is created or implied by this Blog. © 2021 Brouse McDowell. All rights reserved.