Enabling home office quickly during the corona epidemic is right and necessary. However, the issues and risks associated with the establishment or arrangement of remote working must be kept in mind. Necessary measures to be taken include ensuring compliance with data protection regulations, guaranteeing the confidentiality of know-how and business secrets, as well as IT security. Codetermination of the works council might also be required in some cases. Once working from home has been set up technically and physically, and thus the ability to work is guaranteed, you should not fail to follow up with the legal framework.
In view of the work results created by employees while working remote, it is important that companies retain access. It must be ensured that the work results are fully available to the employer at all times and that the employer has access at all times, or at least can have access. This could for example become problematic if employees use their own devices. In case the employment agreement is terminated, access, e.g. by requesting the handover of devices, could be difficult or, in the worst case, not possible at all.
It is also important that employees working from the home are given clear instructions and rules of conduct regarding the handling of internal documents and information as well as any third party data to be processed. The rules on data protection as well as on the confidentiality of client, tax or patient related information continue to be in force and must be complied with even during the crisis. This also applies to the Trade Secret Protection Act, which stipulates that trade secrets are only trade secrets if they are protected from access by unauthorized third parties using “reasonable measures”. These requirements must also be observed when working from home. Documents containing internal company information or sensitive data therefore should not be left lying around openly. Information and documents should also not be disposed of with the household waste.
The rules for the handling, storage, release and deletion of data and information must be defined and communicated to employees working from home. Employees should also be continuously sensitized and reminded of compliance with the rules for handling internal company information and personal data.
The requirements for technical and organizational measures to protect customer data and the IT systems in use, e.g. for operators of websites, also continue to apply. In the event of insufficient technical and organizational measures, there is a risk in the event of an attack or data leakage that an insurance taken out specifically for this case does not cover the attack or data leakage. The existing measures should therefore be examined and, if necessary, adapted to the current situation.
If a works council exists, it must be involved. The employer’s fundamental decision to grant the possibility of working from home is free of codetermination. Nevertheless, the employer has to observe various participation rights: for example, the works council has a general right to information already in the planning phase and must be informed in good time about the planning of work procedures and work processes as well as the workplaces by submitting the necessary documents. The planned measures are to be discussed with the works council in such a way that the works council has the opportunity to voice its concerns. Furthermore, various social and personnel matters are regularly touched upon during the actual implementation of working from home. The works council’s right of co-determination is then particularly relevant in questions concerning the distribution of contractual working hours and the introduction and use of technical equipment (PC, e-mail, telephone etc.). In addition, the statutory regulations on occupational health and safety must also be taken into account when employers enable working from home, so that the works council also has a right of codetermination in this respect. These aspects should be laid down in a works agreement in order to avoid repeated negotiations for the respective individual employees.