Be Prepared: How to Proactively Account for Data Privacy

Have the right policies in place

• Ensure clear, readily accessible, and (where necessary) country-specific policies are in place indicating the permitted uses of company devices and other IT equipment, including messaging services. If you allow employees to use their own devices to perform work, make sure your policies adequately address issues of access in the context of investigations.
• Draft and make accessible to employees a policy concerning the purposes for which, when, and by whom, suspicious log data can be accessed, and implement and enforce acceptable and unacceptable use of IT work facilities policies.
• Evaluate policies regularly. Policies that allow monitoring of communications should be reviewed at least annually to assess whether they are the least intrusive means to achieve the stated purposes.
• Stay informed on updates in the law surrounding monitoring, and note that these rules also apply to the monitoring of electronic communications in the workplace.

Click here, to continue reading on the Cleary Enforcement Watch blog.