COVID-19: Working from home, WH&S & Privacy
The rush to move entire businesses to a work from home model was frantic. Some managed the process better than others but no matter how prepared your business was for the change there may be some critical legal issues you’ve overlooked.
Many businesses are now looking to bring their workforces back to the office but there is also a clear trend towards using working from home as a solution to productivity, office space and other factors.
Outlined below are some key issues you should consider now the dust has settled on the work from home rush - particularly if you think this working arrangement is likely to continue in your business into the longterm.
Workplace Health & Safety - Working from Home
In Australia, workplace health and safety (WH&S) laws still apply even when employees are working somewhere other than their usual place of work. In the case of COVID-19, if your employee is working from home, WH&S laws still require employers to minimise workplace risks to their employees. Failure to adequately address the issue of COVID-19 in the workplace may breach workplace health and safety laws or open your business up to liability.
Safe Work Australia has identified two major risks to the new 'working from home' workforce. These are:
- Physical risks from a poor working environment (temperature, lighting, electrical safety, home hygiene); and
- Psychological risks from isolation, varying job demands, reduced support from colleagues and managers, online harassment and domestic violence.
To address these WH&S risks, many employers have implemented a ‘working from home policy’. These policies are a great tool to help address the risks and ensure that the employee is fully informed of the requirements when they are working from home.
There are a few other practical suggestions for employers to consider. They are as follows:
- Provide employees with guidance and examples of what is a safe home working environment (check the floor, desk and chair, electrical safety, and emergency exit arrangements);
- Require employees to follow ergonomic practices or engage an occupational therapist to assess each home workstation (check the height and angles of computer screens and keyboards, and any movement while working);
- Communicate actively with employees (consider regular updates through the COVID-19 crisis, facilitate active video chats or telephone calls, and facilitate additional training which might be required given remote working);
- Offer employees assistance programs that allow employees to obtain health and wellbeing support services; and
- Review and monitor employee timesheets, leave, attendance during an internal meeting and other entitlements.
Privacy & Confidentiality - Working from Home
As employees’ transition to their new working from home routine, this, unfortunately, opens up certain privacy and confidentiality risks for employers. Employers may require employees to deal with commercially sensitive information about their business. Additionally, employers, particularly those in the legal, financial, medical or allied health sectors, may require their employees to deal with their client or customer's personal information.
Where employees reside with other family members or in share houses, there are risks of inadvertent disclosure of an individual's personal or sensitive information. This could result in a notifiable data breach event occurring due to a breach of the Australian Privacy Laws.
Examples of this inadvertent disclosure of information could include:
- Family or friends in the household viewing confidential documents left visible on desks or left open on devices and computer screens;
- Taking telephone calls which can be overheard by household members or neighbours;
- Unsecure networks, personal computers without adequate virus and spyware protection allowing cybercriminals to infiltrate and gain access to work networks or servers; and
- Disposing of printed confidential material in normal household waste bins without shredding or adequate de-identification.
To help safeguard confidential information, employers should consider the following:
- Ensuring employees internet connections are secure. Do not allow employees to access systems or documents through public internet networks;
- Keeping sensitive work secure, hidden and out-of-view of others;
- Requiring employees to answer or make telephone or video calls in rooms without other people present or within earshot or active listening smart devices;
- Requesting confirmation of adequate anti-virus software on all computers that will access systems and information;
- Consulting with the necessary IT professionals to ensure full system network security;
- Developing and implementing a cybersecurity policy and a notifiable data breach procedure;
- Requiring employees to have family members execute Deeds of Confidentiality to ensure the confidentiality or any information which might be inadvertently overheard or seen despite controls.
Employees Health Information & Status - Employers Beware
With the virus requiring businesses to act quickly, it is essential for employers not to disclose an employee’s health information inadvertently. This disclosure may be to the wider workforce when that employee notifies the employer of their contraction or a diagnosis of COVID-19. This may not be in the best interest of both the employee’s confidential health information and status, or the business itself as disclosure may amount to a breach of the Australian Privacy Act.
Under this Act, employers have obligations to maintain a safe workplace for staff and to handle employee personal information appropriately. An employee notifying their employer about a health-related condition or infection would be ordinarily classified as ‘health information’ under the Privacy Act. Health information requires a higher standard of care by employers.
An employee’s diagnosis with COVID-19 should still be collected in the ordinary course of business. Public health authorities may contact employers in the event an employee is confirmed to have COVID-19. However, employers still need to ensure that they are not disclosing an employee’s health information to other employees and clients and customers, particularly without the employee’s consent. Employers should only provide information that is reasonably necessary to prevent or manage COVID-19 in the workplace.
It may not be reasonably necessary to reveal the identity of the infected employee and their condition to others. Practically, this may apply in the case of two employees previously working together, and one employee is subsequently diagnosed with COVID-19, and the other employee is at-risk. In that instance, there will be a process of contact-tracing, and the employer will have an obligation to reduce the risk of the employee that is at-risk by notifying them. It would be a similar case for a client or customer having a face-to-face meeting with an employee.
For employers wishing to know more information about their privacy obligations, we recommend that they check out the Office of the Australian Information Commissioner’s COVID-19 privacy guidance here.
If you need assistance in navigating COVID-19’s effect on your business, then you should feel free to get in touch with one of our team members.
You can review our recent legal alerts concerning businesses and COVID-19 by visiting our website. We’ve published various articles and useful information for employees on topics like standing down employees, directing employees to work from home, commercial rent issues and the new Commercial Tenancy Mandatory Code of Conduct.
For more information contact our Workplace Team.