On 23 March 2020 the Government issued guidance which requires the public to stay at home, subject to limited exceptions. To have staff working from home whenever possible has become the new normal.
While the Big Four have had remote working arrangements in place for some time, the requirement to work from home will present new challenges for many accountancy businesses particularly mid-size and smaller firms who will not necessarily have had the infrastructure in place.
Health and Safety
Employers have a duty to ensure, so far as reasonably practicable, that their employees and other people who might be affected by their business, are not exposed to risks to their health, safety and welfare. This duty does not go away because an employee is working from home.
While it is common for some employees to work from home, for many others working from home will be a new experience. They may not have a dedicated workspace and may find themselves working in unusual situations. Employees should carry out a risk assessment and work with their employer to take appropriate measures to reduce any associated risks.
Employers should consider what support and guidance they are able to offer during the lockdown, including:
- Ensuring that employees do not work excessively when there is no ‘normal’ start and end of the working day.
- Reminding employees to take regular breaks.
- Encouraging employees to utilise corporate video conferencing facilities, phone/instant mssenger/email/internal platforms.
- Providing reliable information regarding the Covid-19 outbreak and emotional support to employees.
- Adjusting performance targets or metrics.
- Sending out work kits and providing IT support to enable effective working practices.
- Implementing safeguards such as regular check-ins with their manager for those employees who might be working alone.
In normal circumstances, employees would not work from home while also providing childcare. However, the Covid-19 outbreak is unprecedented with schools in England, Scotland and Wales closed except for children of key workers.
If employees need emergency time off for child care or to make new arrangements, they can use:
- time off to care for someone else (‘time off for dependants’), or
- holiday, if their employer agrees.
Employers are likely to need to take a pragmatic approach as the majority of parents in the workplace will face this issue. A ban on working from home while also looking after children may prevent a large proportion of the workforce from performing any duties.
Employees with younger children who require constant attention may not be able to work at all while responsible for looking after those children. However, they may be able to split the childcare with the other parent, so that both parents are able to, at least, continue working part-time.
To allow employees to work around their childcare responsibilities, employers should be prepared to implement more flexible homeworking arrangements, including:
- Working different hours.
- Agreeing to part-time arrangements instead of working each full day or full week or compressing the working week.
- Reducing work targets.
- Being flexible about deadlines where possible.
The same approach may be needed if an employee is caring for an older relative or someone who is ill.
Information security in an isolated world or connected more than ever?
Employees will use a VPN to connect to the company’s systems while working from home. Whilst VPNs generally offer secure encrypted connection, they do come with security risks that could lead to a personal data breach. VPNs are often hosted by third parties which may be distracted by the sudden surge in traffic.
Similarly, an IT department may rush implementation focusing on admin and issuing login credentials while security may be neglected. In its recent fine of £500,000 issued to Cathay Pacific the ICO specifically complained about the lack of multi-factor authentication in the company’s VPN. A single password is not enough, as credentials may be leaked on the dark web. Information security is an aspect of data protection that should not be overlooked.
For confidentiality reasons, corporate services must be provided rather than have your staff use their personal communication channels.
Many collaboration and communication tools will allow you to gather productivity-related data. However, monitoring must not be applied in situations where employees have an expectation of privacy. Monitoring must be explained by way of a privacy notice and it must be proportionate and fair.
Employees should be reminded of social media policies but also of phishing emails, scam callers and other risks presented by a surge in new channels of communication with colleagues and the world.
Finally, where documents are printed at home, staff should be reminded to shred or bring them back to the office for secure disposal when possible.
Given the uncertainty about how long the Covid-19 outbreak may last, employers should deal with these issues now, and not assume that the situation is short term only as it is not clear how long the lockdown will be in place.
Rebecca Butler and Alex Dittel are associates at Kemp Little LLP, the technology and digital specialist law firm Kemp Little LLP www.kemplittle.com