This website uses cookies for anonymised analytics and for core features such as voting on polls and comments. See our privacy and cookies policies for more information.

Get TFN updates
The voice of Scotland’s vibrant voluntary sector

Published by Scottish Council for Voluntary Organisations

TFN is published by the Scottish Council for Voluntary Organisations, Mansfield Traquair Centre, 15 Mansfield Place, Edinburgh, EH3 6BB. The Scottish Council for Voluntary Organisations (SCVO) is a Scottish Charitable Incorporated Organisation. Registration number SC003558.

Charities warned: home working could lead to data breaches


Kate Wyatt, employment law expert with Lindsays, urgescharities to take action now as she says they cannot afford to ignore risks of non-compliance with the regulator unlikely to continue to make allowances because of the coronavirus crisis

Charities face an increased risk of data breaches and heavy fines because of staff working from home long term and must take action to reduce the threat.

The warning comes as charitable organisations face the prospect of the majority of their people continuing to work from home for the foreseeable future as part of Covid-19 protection measures.

Employees must be reminded of their obligation to ensure that confidential data is not disclosed, with training and the proper remote IT access security infrastructure put in place where needed.

Unintended potential risks can come from visitors to their home or those they share properties with simply seeing information on computer screens or from paperwork sitting out.

Kate Wyatt

It’s important that employers show that they have taken all reasonable steps to stop data breaches from happening

Kate Wyatt

Data protection breaches can be met with financial penalties or sanctions from the Information Commissioner’s Office (ICO).

The potential increased threat of data breaches from home working is a real one, which charities cannot afford to ignore. The nature of how we went into lockdown means this may have been overlooked as employees moved out of offices, but with home working a long-term - or permanent - prospect for a great many, employers need to take hold of this issue immediately.

As home working becomes more normalised, I doubt the ICO will look any differently at breaches because of the circumstances in which it started. They will simply ask why employers have not got their house in order.

The ICO undertook in April to adopt a ‘pragmatic and empathetic’ approach to compliance because of the exceptional circumstances. As time goes on, and with home working set to continue, the circumstances are arguably no longer exceptional.

It’s important that employers show that they have taken all reasonable steps to stop data breaches from happening. They must remind employees about the need for IT and physical security.”

GDPR sets a maximum fine of almost £18 million or four per cent of an organisation’s annual global turnover – whichever is greater – for infringements.

Confidentiality is one of a number of key areas in which employers must take action amid increased home working. Others include monitoring performance management and working hours.

The changing work environment will alter the way that many charities have to manage performance. For third sector organisations which do not have KPIs in place, they are going to have to think about how they assess performance with a greater number of staff working from home.

Charities were too busy firefighting a lot of ramifications of home working, while facing numerous additional momentous management challenges, as we went into lockdown, but that does not remove the obligations they have to their staff. They have to consider these issues before problems arise rather than just as they happen.

Kate Wyatt is a partner at Lindsays.



Be the first to comment.