In the Philippines, Republic Act No. 11165 was enacted by Congress to institutionalize telecommuting as an alternative work arrangement for employees in the private sector.
“Telecommuting” refers to a work from an alternative workplace with the use of telecommunications and/or computer technologies. Said work arrangement may be offered by an employer in the private sector on a voluntary basis. With said scheme, an employee can render his work in a location other than the regular workplace. This is also known in ordinary parlance as work from home.
Said arrangement has been useful in cases of national emergency or calamity where reporting to work becomes difficult. But some of the worries include the risk that may be experienced when personal data and company-related information are to be processed outside the regular office location.
In terms of data privacy, RA 11165 specifically provides that the employer shall be responsible for taking the appropriate measures to ensure the protection of data used and processed by the telecommuting employee for professional purposes. The telecommuting employee shall ensure that confidential and proprietary information are protected at all times. As such, the Data Privacy Act or RA 10173, shall supplement the said requirements.
How is privacy then observed during a work from home arrangement? Below are some useful practices that can be implemented by the organisations whenever they employ an alternative work arrangement:
- Require employees to sign an undertaking to hold and operate data under strict confidentiality.
Under the Data Privacy Act, it is the responsibility of the HR to ensure that all employees, agents, and representatives of the organisation shall hold and operate the data that will come into their possession under strict confidentiality. As such, employees may be required to perform certain obligations to protect the data that they process when rendering work from home. With said practice, employees will seriously ensure that confidential and proprietary information are protected at all times.
- Establish guidelines on the proper use of and access to electronic media.
If employees are to use company-issued electronic media, the employer shall ensure that said equipment shall not be left unattended and shall be protected by a password. The employees shall also not allow unauthorized persons to use company-issued electronic media to avoid unauthorized access to personal information.
- Require encryption of personal data.
This will ensure that only the authorized recipients of communication can access the personal data processed by the employees who are working in a remote area.
- Define the appropriate alternative workplace where the employee can render work from home.
The employer shall ensure that the employees will only render work in a secured area that will provide them privacy when processing personal data. The design of alternative workplace, including the physical arrangement of furniture and equipment, shall provide privacy to anyone processing personal data, taking into consideration the environment and accessibility to public.
- Disable drives and USB ports.
This is to avoid copying of personal data from the electronic media used for processing of personal data.