How to protect business records and avoid lawsuits with virtual employees
Colorado entrepreneurs should take note of this insight
It’s been a year since the COVID-19 pandemic ushered in a new way of life for most Americans. One integral part of this new way is that there are more employees in a remote work environment than ever before.
As offices took safety precautions to prevent the virus’s spread, they closed their doors and asked their employees to work from home.
With very little notice, most companies were markedly unprepared for the transition to remote working. They quickly found their way around Microsoft Teams, Zoom, Amazon Chime, and other tools to connect businesses and their employees online.
However, one key component of the remote work environment may have been overlooked.
Business Data Could Be Vulnerable in Remote Work Environments
Company IT and legal departments were left to connect the remote workforce’s dots and protect business-related information and documents. Many employees turned to their personal cloud-based apps such as Google Docs or Dropbox without having pre-authorization or vetting from their legal or IT departments. Business tasks were created, assigned, shared, and stored in these apps with little or no protection.
Making matters worse, employees relied on communications platforms like Facebook Messenger, iMessage, Snap Chat, and WhatsApp to communicate with co-workers about business-related issues. Further obscuring the process of identifying, preserving, and collecting business data.
If not otherwise instructed, employees may turn to the programs and technologies they are most familiar with or what is easily accessible to them. It’s no wonder that employees who work from home often use the same tools they use personally for business. To keep them from doing this, companies should try to be one step ahead in providing the tools for them to use.
This sudden shift in conducting business could leave companies open to many legal issues. Businesses of all types and sizes should consider whether to make immediate changes in how they handle their data in the remote work environment to try to prevent litigation and other far-reaching consequences.
IT Department and Business Attorney Collaboration
The first step businesses may want to consider taking is to ensure that their IT department and their business attorney collaborate. IT departments provide the technical knowledge and tools, while attorneys can provide the parameters and expectations for handling data remotely. Together, they can work towards restructuring document retention policies that detail how data creation and storage should be dealt with when working remotely.
IT and the company attorney may also want to consider reviewing policies on employee use of personal devices and apps that lack company management. Suppose employees are allowed to use their own devices to work remotely. In that case, the company should provide training on using them appropriately for work purposes, including instructions about retention settings.
If the company is part of a highly-regulated industry, it might need to provide devices for its employees to use. However, this doesn’t mean the company or its employees are off the hook when it comes to protecting company data. Finely tuned technical controls and robust policies, such as only allowing specific employees to access company devices or remote desktops, might be a good option to consider.
Maintaining Control Over Business Information and Communications
Businesses can’t preserve information that is outside of their control. Most do an acceptable job of controlling information in the office setting, but for remote work, they might not. Ethically maintaining control over their data is something businesses should consider prioritizing with employees in a remote work environment. When employees are using their personal cloud services for company data, the data could be outside of business control. It might not seem like a big deal, but it could leave the company open to many liabilities.
The company may want to inform each employee of their obligation to maintain secure business data, whether electronic or on paper. Policies could be used to explain where and how to preserve documents from an employee’s home office. It could also be useful to consider having employees minimize printing, keep documents in a safe and secure location, and shred anything that isn’t required for preservation as soon as there’s no longer a business need.
To try to ensure all employees are aware of the policies and can access them when needed, companies can consider:
- Virtual training sessions
- Having easily accessible electronic copies of updated usage, preservation, and document retention policies
Updated policies for the remote work environment may want to:
- Discuss the locations and technology platforms employees can use to create, store, and share company data.
- Include instructions concerning where documents shouldn’t be saved, such as personal flash or thumb drives or other communication devices.
- Remind employees about their obligations to secure and preserve business data if litigation is or must be reasonably anticipated.
- Have a method for enforcement that shows employees that the company takes the policies seriously.
- Include contact information to answer policy questions and address concerns.
Keep Data Fully Protected
In addition to considering establishing a cybersecurity and device security policy, companies and their employees may also want to consider taking the following steps to try to keep their data fully protected:
- Rely on two-factor authentication
- Use encryption software
- Implement firewalls, antivirus software, and anti-malware
- Avoid employee use of personal cloud-based storage for business data such as Google Drive, Google Docs, Dropbox, and the like
- Use a secure connection rather than a public Wi-Fi
- Use privacy screens
- Refrain from sharing devices, login IDs, and password information with anyone in the household
- Save all content to the designated network, not to a desktop
How a Business Lawyer Might Be Able to Help
A business lawyer may be able to review your existing policies to determine if they comply with both state and federal laws, as well as the standards of practice for your industry. They can try to assist you with pinpointing any necessary changes and might be able to help you develop additional internal policies that may assist with preserving and protecting your business data and help your business try to avoid litigation.
Your business has likely encountered enough stress and added expense over the past year. You don’t need any litigation to compound that stress and expense. By consulting with a well-versed business lawyer now, you might be able to keep your business out of legal trouble in the future.
Ellie Lockwood is a preeminent female commercial and business litigation attorney in the Denver Metro area with experience in commercial litigation and business disputes, intellectual property litigation, and environmental and natural resource litigation. She is the commercial litigation practice group leader for Snell & Wilmer L.L.P.’s Denver office, and an instant resource to business owners and other legal professionals on risk mitigation strategies throughout the Mountain West.