log in
All Articles | Back

Member Articles


Bespoke WFH Policies to Minimise Risks for Employers 

Published: September, 2020

Submission: September, 2020

 



The world is gradually embracing remote working as an alternative way of work – hosting virtual meetings, supporting customers through online communications, and accessing data remotely from outside the office. In the past, working from home (WFH) had not been popular in Hong Kong even though evolving technologies and improved Internet speed made it possible for digital migration. Then, along came COVID-19 which forced employers and employees to adapt to the new working trend, compelling the business world to put this new working mode into practice.


The prospect of a weaker economy and border controls which affect companies’ confidence may drive employers to retain WFH arrangements as a definite option for the way forward. In fact, Google has recently extended its global voluntary work from home option until the end of June next year. Facebook has decided that a substantial part of its workforce shall be transitioned to working remotely. Twitter has also told its staff that they can work from home "forever" if they wish. Whether employers are using WFH as a temporary measure or determining to adopt it even after the COVID-19 pandemic, they should be aware of the pitfalls and fully comprehend the legal implications and risks involved when an employee’s ‘home’ is turned into a ‘workplace’. In this article, we analyse the risks associated with the WFH arrangements and provide recommendations for employers on how they can be minimised.


1. Data breaches


Staying connected online while working from home inevitably increases the risk of data privacy breaches, with information technology security becoming a challenge.


Earlier this year, the Privacy Commissioner for Personal Data, Hong Kong (PCPD) called on employers to stay vigilant of the security problems caused by the shift to remote working. PCPD cautioned employers against cybersecurity issues involved when their employees transfer and use data and information away from their professionally managed work environment, and advised the following practical steps to prevent data leakage and safeguard data security when working from home.


What employees should do


Precautions to be taken before transferring paper or digital files from work to home:


  • seek prior instructions or approvals from their employers;
  • limit the means and frequency of data transfer;
  • prevent unauthorised or accidental access, processing, erasure, loss or use of data;
  • increase the level of protection such as expurgating the data or information and maintaining safe data storage and transmission with password protection;
  • encrypt vulnerable data;
  • body-weld the documents or devices during transportation; and
  • record the movement of data.

 Internet security to prevent data leakage


  • use multi-factor or multi-step authentication for access to data or information;
  • avoid sharing the work device’s account with third parties;
  • ensure secure Wi-Fi connection;
  • change Wi-Fi passwords regularly;
  • install data security utilities (antivirus software) and the latest security patches to the devices;
  • conduct regular system updates for the devices;
  • disallow video recording or audio recording when conducting online meetings and disable tracking functions; and
  • verify the identity of participants in online meetings before allowing admission.


Furthermore, employees should never visit dangerous websites or unsafe page or attempt to open an unsafe email or download or transmit an unsafe file. Instead, they should seek verification of their authenticity with the IT professionals of their companies.


What employers should do


Employers should stay vigilant and be aware of the heightened cybersecurity risks involved when moving employees from office to a remote working environment. Employers should implement appropriate policies or incorporate measures and guidance into their existing WFH policies to ensure employees are aware of their obligations including professional training for all employees on how to operate IT and online infrastructure safely, how to spot unusual or potential malicious activities, and how any personal data held can be protected against unauthorised or accidental access, processing, erasure, loss or use. Employers should also review their confidentiality agreements with employees to ensure they include sufficient provisions for the protection of confidential information.


2. Health and safety


In Hong Kong, employers are under both statutory and common law duties to take reasonable care of the safety of their employees at work.


Under the Occupational Safety and Health Ordinance (OSHO), employers must, so far as reasonably practicable, ensure the safety and health at work of all their employees.


At common law, employers are under a duty to act reasonably in all the circumstances including a duty of care, which extends to the provision of a “safe place of work” for their employees. However, there are no decided cases in Hong Kong concerning an employer’s liability when employees are working from home. With the increase in the number of employees having to work from home during the COVID-19 pandemic, employers may need to take reasonably practicable steps to ensure the safety of their employees while working from home.


What employers should do


Employers should consider incorporating into their WFH policies sufficient information and directions on how employees should work safely and effectively at home. In addition, employers should maintain regular communication with employees working from home to understand whether they can perform their work safely at home and whether they have any issues or concerns.


Where appropriate, employers may need to amend the employees’ employment contracts to ensure they contain appropriate provisions regarding WFH arrangements.


3. Employer’s liability for WFH arrangement


Under the Employees’ Compensation Ordinance (ECO), employers are liable to pay compensation if an employee sustains an injury or dies as a result of an accident arising out of and in the course of his/her employment.


The ECO does not specifically provide whether an employer is liable for injury sustained by an employee while working from home.


On the other hand, the Australian Court of Appeal has in the recent case of Workers Compensation Nominal Insurer v Hill (2020) NSWCA 54 held that the deceased’s injury had arisen out of her employment while she was working from home. This case has significant implications on employees working from home and the decision may likely be followed by Hong Kong courts. Accordingly, if an employee sustains injury while working from home at the request of the employer, the court may consider the injury as arising out of and in the course of employment.


What employers should do


Accidents may happen while an employee is working from home. If it could be established that there is a causal connection between the incident giving rise to the injury and the employment, the employer might be liable to pay compensation to the injured employee. Employers should therefore check to see if their existing employees’ compensation insurance policies cover employees working from home and consider whether additional insurance coverage is needed.


4. Typhoon and black rainstorm


The statutory and common law duties imposed on employers serve the purpose of ensuring the safety of workplaces, which cover the journey of employees to and from their workplaces during extreme weather conditions such as when typhoon signal no.8 or above or a black rainstorm warning signal is hoisted. To provide practical guidelines and samples of work arrangements in these situations, the Labour Department has issued a Code of Practice in Times of Typhoons and Rainstorms (Code). The Code recommends employers to allow their employees a day off during tropical cyclone signal T8 or above. In practice, the Observatory usually advises the public two hours in advance before issuing a T8 signal to enable the employers to release their employees early such that a safe journey home can be guaranteed. Likewise, the Code advises employees to stay in a safe place for two hours after T8 is hoisted instead of returning to work immediately.


It is not surprising that the Code, which came into existence before the COVID-19 pandemic, is silent on the WFH scenario. Yet, under the ECO, “an accident to an employee shall be deemed to arise out of and in the course of his employment if it happens to the employee when, within the duration of a gale warning, or of a rainstorm warning, he is travelling between his place of residence and his place of work.” That begs the question of whether employers should allow employees a day off under extreme weather conditions for those who are already working from home and whether employers are liable to pay compensation under the ECO to an employee who sustains injury at home within the duration of a typhoon warning or of a rainstorm warning while working from home.


What employers should do


Given the Code is not legally binding and an employee is not entitled to a day off under the existing laws of Hong Kong, in the absence of any contractual policy in place stipulating the otherwise, it would seem unlikely that an employee would be entitled to a day off when working from home under typhoon signal no.8 or above or a black rainstorm. Employers should consider revising their existing WFH policies to state clearly whether employees will be given a day off during extreme weather conditions and to update their employees’ compensation insurance to cover the WFH situation so as to leave no room for doubt.


The COVID-19 pandemic has accelerated the way companies operate through technology and has brought unprecedented changes with greater emphasis on convenience and safety. When adopting WFH arrangements, employers should carefully consider the far-reaching legal implications that arise from the shift to remote working, whether as short term measures or as a sustainable option.


 



Link to article

 

MEMBER COMMENTS

 

 

WSG Member: Please login to add your comment.

    Disclaimer

WSG's members are independent firms and are not affiliated in the joint practice of professional services. Each member exercises its own individual judgments on all client matters.

HOME | SITE MAP | GLANCE | PRIVACY POLICY | DISCLAIMER |  © World Services Group, 2020