Letting employees work at home raises legal and security issues.
Recent decisions made by Yahoo! regarding home workers have created quite a stir in the employment world. In a memorandum to employees, Yahoo! CEO Marissa Miller stated that telecommuting would no longer be permitted. There has been a significant amount written on whether Miller should have done this, but the reality is that a business has the authority to make its policy decisions in this arena. Businesses contemplating allowing workers to work from home should be aware of the legal and security issues arising in these types of circumstances.
Legal issues: Employers need to understand that home workers present unique legal challenges that affect the way laws apply to the employer. For example, employers using home workers must be careful to ensure wage and hour compliance. Policies should ensure that home workers accurately report all hours worked, prohibit off-the-clock work, and make certain that breaks are taken but not abused. Failure to do so may result in significant liability to an employer under federal and state laws governing minimum wage and overtime.
Worker's compensation laws and insurance policies also need to be reviewed when an employer has home workers. State worker's compensation laws also may apply differently to home workers who do not traditionally come into the office, but are compensated for travel in certain circumstances. Some worker's compensation insurance policies may not cover home workers and or may not cover out-of-state workers. Employers should carefully review state laws and insurance policies.
An employee's privacy rights may also give rise to issues. Employers should obtain the employee's written consent to access the home (if necessary), monitor email communications, monitor telephone communications, and conduct all other legal forms of electronic monitoring. The employer must also decide whether to allow an employee to use a home or work computer.
Other legal issues may include tax matters, accommodation of disabled workers, protecting trade secrets and other intellectual property, family and medical leave, and many others.
Security issues: Employers also must consider the potential for security breaches and obligations that arise out of such breaches. Employers should take proactive steps to prevent security breaches and comply with reporting laws if applicable.
The #1 security threat to protected data is a weak password. Recent articles highlight the fact that too many employees use default passwords, including 1234, Password1 and others. Employers must ensure that employees are implementing strong passwords that may include letters and numbers, be case-sensitive and use symbols.
There are a variety of ways to allow employees to access internal networks and servers. Options may include a virtual private network (VPN), virtual desktops, remote desktop technology, extranets and many others. Each option poses unique challenges and different security risks. Employers should carefully consider the method of access, as it is possible for viruses and malware on remote machines to infect the office network. Employers should consult with their IT providers to review the strengths and vulnerabilities of each type of access to prevent this type of breach.
Other issues to consider include smartphones that access company email and the ability to remotely wipe them in case of loss, using Wi-Fi in public areas that may be monitored and intercepted by hackers, limiting administrator rights for employees, and adequately training employees to identify and reduce security risks.
Conclusion: The benefits to an employer from telecommuting can be significant, but an employer should not allow telecommuting without carefully considering and understanding both the benefits and risks. Employers should carefully consider these issues with their legal counsel and IT provider before drafting and implementing telecommuting policies.
Richard W. Castleton is an employment and litigation attorney with Burke Costanza & Carberry LLP. Mark J. Terborg is the IT director at Burke Costanza & Carberry LLP. This article is for informational purposes and does not constitute legal advice. The authors may be contacted at 219/769-1313.
