Akarsh Singh is the Chief Executive Officer and Co-founder of Tsaaro, India’s premier Data Privacy and Cybersecurity consulting company. As the company’s CEO, he leads the Data Protection Consulting team and is responsible for directing the management, developing the company’s strategy, and putting it into action. This young entrepreneur has a strong vision to establish an efficient data secure environment by constructing powerful data security technologies, based on his industry expertise of more than 5 years in the Data Privacy and Cybersecurity field. Mr. Singh earned a Manufacturing Engineering degree from the National Institute of Foundry & Forge Technology. He has also been a Fellow In Information Privacy (FIP), CIPPe, and CIPT, being of the youngest FIPs in the world.
By 2020, practically every team was discussing remote work. What was the best way to do it, what were the hurdles, and if it was a good fit for them? The discourse has now switched to the hybrid model, which will be discussed in 2021. Now that people are starting to assemble in person again, how can firms effectively integrate remote workers with an in-person component at their existing office spaces?
Organizations are discovering that their workforce is unwilling to give up remote work as offices reopen. People who began working remotely as a result of COVID-19 largely support it and plan to do so in the future. Companies can no longer claim that they can’t operate remotely (a popular argument for avoiding remote work before 2020), but they also can’t expect employees to return to the office full-time in the face of an ongoing worldwide pandemic. The most popular option is the hybrid model, which appears to be a problem for any firm at the present.
What is a Hybrid Work Model?
A hybrid work model is one in which an employee’s schedule includes both in-office and remote work. Employees have the option of working from home on occasion and coming into the office on other occasions. There is no such thing as a universal hybrid model. Each organization creates a hybrid model depending on the company’s needs as well as the individual employee’s demands.
Popular Hybrid Work Model Structures
- Office-First, Remote Allowed
Data Protection Challenges in Hybrid Model
I’m guessing we haven’t given much thought to one aspect of the topic: employee privacy. With the Delta-Omicron variant raging, employers are focusing on health and safety as key priorities, which is understandable. However, the same technologies that promote health and safety also jeopardize employee privacy, posing serious threats to both the firm and the facilities in which it operates.
Take occupancy management software, for example, which includes space planning, room/desk booking, and usage optimization. This is the technology that allows major corporations to use the hybrid model. Data is collected by sensors or Wi-Fi, and the software frequently interfaces with workforce management software and other HR information systems. Adoption of such technology leads to increased efficiencies and cost control, but the term “data collecting” should raise red flags. You must account for privacy when gathering data on your employees.
Data gathering is governed by privacy regulations such as the General Data Protection Regulation (GDPR) of the European Union, the California Consumer Privacy Act (CCPA), and numerous recently adopted statutes. China’s Personal Information Protection Law (PIPL), which takes effect November 1, and the California Privacy Rights Act (CPRA), which supplements the CCPA, are the most recent. Many other states in the United States are enacting or have implemented their own legislation. The Consumer Protection Act of Canada is also in the works (CPPA).
Noncompliance can have very serious repercussions. For example, the maximum GDPR penalties are 20 million Euros or 4% of a company’s global revenue. And the penalties are piling up: Facebook’s WhatsApp service was recently fined $270 million by Ireland. Luxembourg had previously penalized Amazon $886 million and Google $57 million. This isn’t exactly pocket change.
To now, California’s CCPA implementation has been marked by caution, but if fines are imposed, they can quickly mount. The CCPA imposes a $2,500 fine for every inadvertent infringement (notice the ‘every’) and a $7,500 fine for purposeful offenses. You get my drift. In the near term, the epidemic may have diverted attention away from privacy, but we may expect more and more governmental entities to implement privacy regulations and impose penalties for non-compliance in the future. If CEOs are looking for something to keep them up at night, this pattern is a strong contender.
There’s also a lot to be concerned about in terms of human resources. Take, for example, the Daily Telegraph, a British daily. By putting motion trackers under the desks of its reporters, management hoped to keep track of how much energy and space was being used. Employees were outraged and protested after learning of the changes with little notice. The publication removed the trackers in reaction to the outcry. What are the end results? Employee morale plummets, and money is squandered.
Employees may be upset with data collecting even if they are given more notice, especially if it concerns personally identifiable information or PII. Some businesses want information on who occupied space and when they arrived and left. Companies may even keep track of how long someone spends in the restroom! With this degree of information, the legal risks increase, and businesses face employee resistance, as well as bad morale, low productivity, and high turnover—all of which feed one other and jeopardize a company’s financial health.
The good news is that occupancy management software does not necessitate the use of personally identifiable information (PII). Some employers are only interested in knowing how many people were in a room at any given time. Companies can use the data to change their office footprint to limit density, meet social distancing comfort levels, and better understand space utilization trends, all of which can lead to cost-cutting decisions on rent and utilities. Employees, on the other hand, value the confidence that when they arrive at work, they will not be seated too close to their coworkers and will have their own allotted workspace for the day.
The first difficulty could be that security in a mixed workplace is a shifting objective. There is no feasible method to set up a security perimeter with employees requiring remote access to the company network on a wide range of devices and from every imaginable location.
We’re talking about a workforce that has spent the previous year experimenting with new work methods. They’re more mobile now, hopping between devices and networks, and they’re also more likely to use cloud collaboration tools to communicate potentially sensitive information among coworkers. Users are combining personal and corporate data in greater numbers than ever before, making them more vulnerable to phishing assaults.
Another big challenge for companies is managing workers logging in to company devices from various locales. The vulnerabilities are increasing as companies expand out that network and more people are working from home.
Because remote and hybrid workers use multiple devices for work and connect with unmanaged devices which raises the potential for data leakage, another great concern is endpoint breaches. While most IT-managed devices download and install security patches automatically when connected to the company network, that’s not necessarily happening when someone is working remotely.
Last but not the least challenge of a hybrid workforce is that the disruption of established processes, like productivity, communication, and collaboration, will continue and the data can be lost or compromised because of the breaking of chains repeatedly.
The benefits of a remote or hybrid workforce are plentiful, which can further be maximized by instituting a robust data protection system. As technology evolves, the threat landscape will get more sophisticated but so will the resilience of data privacy initiatives. Building a sustainable security culture with the right tools and making privacy a part of the organization’s DNA is a clear way ahead.