Technological advances have had a profound effect on a number of aspects of the employer/employee relationship, but perhaps none more so than in relation to the place of work. An increasing number of employees are working remotely, whether from home or at wireless hotspots, facilitated by developments in areas such internet technology, remote broadband connection, smartphones and teleconferencing facilities. A recent survey found that the majority of business professionals perform some of their work from a remote location.
The trend towards remote working has a number of advantages for employers. In particular, it can drastically reduce office costs, can increase productivity (for example, by reducing employees' commuting time) and can act as an incentive for recruitment purposes.
However, for all the advantages on offer, the rise of remote working and the technology which has enabled this to happen also present a number of challenges and risks for employers to address. In this article, we outline the key considerations for employers as well practical steps for managing the risks.
Communication and reporting issues
Although the growth of remote working owes much to the various new communications channels available, a legitimate concern for employers is the difficulty of supervising and managing employees who are not physically visible in the office.
There is an inherent degree of trust involved in permitting an employee to work remotely. Nevertheless, employers are certainly advised to manage expectations by putting clear communications procedures in place for employees working remotely. Ideally, employers would have clear terms in their employment contracts with remote workers dealing with communications issues, including provisions regarding:
- their availability during working hours – typically, many remote workers are required to remain readily contactable during specific "core" hours;
- a requirement to attend the office when reasonably required (for example, for client or team meetings or for appraisals); and
- any special reporting requirements – such as regular updates on work activity.
Such contractual arrangements may be supported by more generic guidance for remote working which would typically be contained in a remote working policy. This is something which employers have been slow to develop, with two-thirds of respondents in a recent survey saying that they had not yet implemented such a policy.
Provision of equipment
An employer must decide who will be responsible for providing, maintaining and repairing equipment used by remote workers for work purposes (such as a PC, hardware and software, email and broadband connection, business telephone line, desk, chair and filing cabinets).
There is no requirement for employers to provide such equipment but, despite the cost, there are clear advantages in doing so. The provision of appropriate equipment provides remote workers with the infrastructure in which to be productive. In respect of electronic equipment, the employer has the comfort of ensuring that the devices used remotely are secure – for example, by providing equipment with suitable anti-virus and firewall software in place. Employees' personal electronic equipment is more susceptible to being compromised. It is also easier for an employer to recover commercially sensitive information held on property which is owned by the company (see below).
However, employers should be aware that they will need to comply with a variety of EU and UK health and safety laws covering the use and provision of equipment supplied to remote workers (a full discussion of these laws is outside the scope of this article, but please let us know if you would like further advice on this issue). More generally, employers should undertake a risk assessment for remote workers and take steps to remove or reduce any hazards which are identified. It is easy to forget that the general obligation on employers to provide employees with a safe system and safe place of work applies equally to remote workers.
Employers should also check whether:
- their insurance arrangements cover the provision of equipment to staff based remotely – if not, then an employer may need to extend their insurance cover or require remote workers to take out their own adequate insurance cover; and
- any software licences would be breached – which they might be if such licences do not anticipate staff working remotely.
It is also prudent for employers to confirm that the terms of their employer liability insurance cover extend to employees working at home and remotely. Employees should also be contractually required to check that working from home would not breach the terms of any other agreements, such their mortgage or home and contents cover.
The proliferation of remote working has resulted in an increasing amount of confidential information being taken and produced outside the office environment. Such data is therefore less secure and more readily capable of being lost, stolen or unintentionally disclosed.
It is no coincidence that the last few years have seen a number of high profile incidents of data loss. In September 2010, for example, an NHS Trust was reprimanded by the Information Commissioner after a doctor left an unencrypted memory stick with private patient information on a train.
The concern for employers is not just limited to the obvious commercial ramifications of sensitive business information being lost or unintentionally disclosed. There is also a legal issue in that employers must comply with the Data Protection Act 1998. Among other things, this Act requires employers to process personal data fairly and lawfully and to keep such information secure. From April 2010, a serious breach of the Act can result in a fine of up to £500,000.
So what can an employer do to mitigate against the data security risks? Statutory guidance emphasises the importance of a risk assessment addressing security issues. Employers should use the results of the risk assessment of remote working to develop clear policy guidelines and procedures to guard against the accidental loss and destruction of confidential data.
For example, an IT, electronic communications or remote working policy should contain clear rules and precautions relating to:
- the use of remote company equipment solely by the employee and for business purposes only;
- the responsibility of employees to keep data secure and to look after company equipment in a remote setting;
- the use of passwords and encryption to keep electronic data secure;
- the security of wireless connections;
- the safe transfer of data across different communications channels; and
- the safe retention of confidential documents and the safe disposal of documents once they are no longer in use.
The policy should be regularly communicated to employees, reinforced with appropriate training, and subject to on-going review to ensure compliance with its content.
Employers should explore options such as a Virtual Private Network (VPN) as a secure means of enabling employees to access the company network from a remote location.
Recovering property and confidential information
A further concern for employers of remote workers arises at the end of the employment relationship, particularly if the remote worker is leaving to join a competitor.
An employer will be eager to retrieve any company property and confidential information, but this is potentially more difficult in circumstances where the employee does not work in the office.
It is therefore essential that appropriate contractual protections are put in place enabling the employer to recover its property (such as PCs, laptops or mobile telephones) either on termination of employment or once notice of termination has been served. There should also be a positive obligation on the employee to return any confidential information to the employer in these circumstances.
But what if an employee uses their own PC, laptop or mobile phone for work purposes, and stores confidential information on these devices? Again, it is important that the employment contract allows the employer to inspect these items at the end of the employment relationship solely for the purpose of irretrievably deleting any confidential information which is found.
For homeworkers, this should be backed up by a contractual right for the employer to access the employee's home on reasonable notice for the purpose of inspecting work-related items (such as software programs) and removing confidential information.
Employers may also be more inclined to actively monitor the communications of employees who are not physically present in the office. We will outline the legal issues surrounding monitoring of employees in a separate article.
Remote working is set to become more popular as the technology on which it is dependent continues to progress. Employers should be mindful of the potential legal and commercial risks presented by remote working arrangements and take steps to mitigate against those risks.
Frequently this will be through the development of policies and procedures regulating the unique circumstances of the employer and employee relationship in a remote working setting. These policies and procedures will need to be regularly updated to tackle the additional security risks caused by the latest technology (such as tablets).
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.