Mass remote working creates data protection risks, survey finds

21 Jan 2021

Image: © foxyburrow/Stock.adobe.com

While 80pc of companies surveyed believe large-scale remote working has created data protection risks, only 55pc have implemented new procedures.

In the early stages of the Covid-19 pandemic, workers all over the world were sent home and a sudden mass movement to remote working took place. But this led to concerns around cybersecurity and data protection as cyberattacks rose at “alarming” levels.

Now, a new survey suggests that 80pc of organisations believe large-scale remote working during the pandemic has created additional data protection risks.

The survey from Irish law firm McCann FitzGerald and audit, tax and advisory firm Mazars also found that 51pc of companies have stopped their employees using free communications tools that do not provide adequate data protection.

This comes after privacy concerns have been raised around tools such as Zoom, WhatsApp and smart speakers. In March 2020, Bloomberg reported that UK law firm Mishcon de Reya issued advice to staff to mute or shut off devices such as Amazon’s Alexa or Google’s voice assistant when they talk about client matters at home.

In June 2020, the Irish Revenue Commissioners also sent out warnings requesting staff to use Skype for Business rather than Zoom to protect taxpayers’ information.

GDPR compliance

While the survey from McCann FitzGerald and Mazars highlights employers’ concerns around data protection, only 55pc of respondents said they have implemented new procedures or policies to mitigate this risk.

Nearly half (46pc) of respondents were concerned about the prospect of being fined for GDPR non-compliance when staff are working remotely.

But almost 10pc said they do not log personal data breaches and 21pc said they don’t conduct reviews of records of their data processing activity.

Only 51pc of organisations reported conducting third-party risk assessments, and just 36pc require the completion of questionnaires by third parties confirming compliance.

Liam McKenna, partner at Mazars Consulting Services, said that while more organisations are viewing GDPR more positively, large numbers are still failing to complete mandatory compliance activities.

“These organisations are running a real risk of incurring fines, as well as serious reputational damage, unless they move quickly to address these shortfalls,” he said.

Earlier this week, a report from law firm DLA Piper showed that data breaches in Europe rose by almost 20pc in the last year, with Ireland ranked as the third highest country per capita for breaches notified to regulators.

Jenny Darmody is the editor of Silicon Republic

editorial@siliconrepublic.com