India doesn’t have a data protection law or a dedicated law on cybersecurity. Also, there is no specialised law on privacy. Experts say this complicates the scenario for businesses as they continue to be liable for breach in client data even when employees work out of the home.
While some employers — mostly in the tech space — already had WFH policies, others had telecommuting agreements. For a majority of businesses, WFH was more of an informal understanding on a case-by-case basis, say experts.
“Employers have started reviewing their policies and formalising their practices,” says Vikram Shroff, head of HR Laws at Nishith Desai Associates. Atul Gupta, partner, Trilegal, points out data confidentiality provisions would apply even while an individual is working from home. “Employers would be advised to remind employees of the same and educate them on best practices to ensure that data continues to remain secure.”
Shroff says an employer could initiate legal action for a breach of the employment contract and WFH policy/telecommuting deals.
Take the instance of the $190-billion technology industry in India that employees 4 million people, and is involved in several mission-critical operations for global clients. To transition the bulk of its workforce to work out of home required several regulatory approvals from various government departments, apart from the consent of clients.
have sought permission from their clients for enabling work from home
and built internal crack teams to manage security and privacy issues,” says a note prepared by Nasscom. The tech industry is still ironing out some teething regulatory issues with the government, says the industry lobby group.
Experts say companies
looking at this transition must immediately first come up with detailed WFH policies, put them up on their websites, and get electronic consent from regular employees. Only those employees who agree with such policies should be allowed to work from home, say experts.
“The company should first ensure they have virtual private networks and cloud solutions so that basic security is taken care of even in a WFM environment,” says G V Anand Bhushan, partner at Shardul Amarchand Mangaldas & Co.
All security protocols that are normally in place relating to not sharing of passwords, shredding of printed documents, not creating back-ups, and not using unsecured networks should be rigorously maintained, he adds.
“Companies have to do far more capacity building among their employees while working from home in these transient times,” says Duggal.