Working from home during COVID-19? What you and your organisation need to consider

With cases of COVID-19 arising in almost every country, several companies are taking action in an effort to limit its spread. ‘Working from home’, is the main point of such efforts made from organisations.  Although remote work arrangements can be successful in slowing the spread of COVID-19 from one person to another, they pose data protection obstacles that can be different from on-site work.  Below is a list of considerations and suggestions to better assist companies in addressing such obstacles.

1. Policy:

Review your information security and other related procedures to decide whether there are any established security standards for remote work and remote access to the company’s information systems.  Many organisations may already have procedures related to remote work, whilst others can provide for contingencies in disaster response strategies, BYOD (bring your own device) policies, and other related strategies and policies. In case there are no appropriate procedures or policies in effect, it is now the best time to set out at least some clear rules for addressing remote access to company’s information systems and the usage of personal devices by employees for company work.  

2. Communication:

Security managers should be familiar with the appropriate security guidelines, plans, and procedures, and make sure that important information is transmitted to their departments as well as throughout the whole company.  Many employees may have never worked remotely before, therefore, providing guidance and advice to all employees is essential.

3. Preparation:

Organisations should evaluate data breach and incident response policies to ensure that they are well prepared for responding to a data breach or security incident. The increased security risk of remote work highlights the need to have a policy in place in case something develops in an undesirable way.

Remote work data protection tips to keep your information secure:

  • Employees should be made aware of the types of information they need to safeguard.  This includes information such as sensitive company documents, trade secrets, protected intellectual property, client and employee personal information etc.
  • Sensitive information such as employee data, client data, health records, financial records retained on or transmitted to or from remote devices should be encrypted.
  • Employees should also be trained on how to identify and handle phishing attacks. An increasing number of Coronavirus-based phishing emails are going around lately preying on the public’s health concerns.
  • Sharing of work computers and other devices should not be allowed. When employees carry work devices at home, those devices should not be shared with or be used by someone else. This eliminates the risk of unwanted or accidental exposure of clients’ confidential information.
  • A two-factor or multi-factor authentication (MFA) is recommended to be implemented and enforced.
  • Virtual Private Networks (VPNs) ensure that internet traffic is encrypted. If your company has one in place, it should be ensured that employees exclusively use the VPN when working and when accessing remotely company’s information systems.
  • Company information should never be downloaded or saved to employees’ personal devices or cloud services, including employee personal computers, thumb drives, or cloud services such as their personal Google Drive or Dropbox accounts.  
  • Employee access to protected information should be limited to the minimum scope and duration needed to perform their specific tasks and duties. 

The content of this article is intended to provide a general guide to the subject matter and does not constitute legal advice.

For any additional information, please contact us at [email protected] or at +357 22 42 11 90.

Could COVID-19 be qualified as a Force Majeure event?

The ‘force majeure’ term is commonly used in commercial contracts to define incidents that may occur and are totally beyond the control of the parties.  The basis of this provision is to protect the parties from any liability in case they are unable to comply with the provisions of the contract for reasons outside of their control.

The degree of protection that these provisions may offer can vary from country to country even within Europe, owing to the various definitions of ‘force majeure’ across the legal systems of different Member States. Therefore, it will depend on the relevant laws of the country that the parties have designated in the contract and the parties are thus encouraged to seek legal advice on the subject.

In common law jurisdictions such as Cyprus, there is no concept of force majeure, and therefore every case is decided on its own basis. It is worth noting that a ‘force majeure’ provision would not necessarily enable the parties to avoid potential liability for any violation of the terms of the contract. Parties shall be able to rely on this provision only if it is expressly included in the contract and in order to benefit from it, it is important that such clause be as detailed and specific as possible in terms and context.

Having said the above, whether a particular clause relieves a party of contractual liability will, under Cyprus law, depend on the precise wording used in the clause, the allocation of risk between the parties provided for by the contract as a whole, the circumstances in which the parties entered into the contract, and the situation that has arisen.

The inclusion of the words “virus” or “pandemic” or “epidemic” in force majeure clauses is likely to be adequate, particularly in view of the fact that the World Health Organization (WHO) has recently classified COVID-19 as such.  However, this is not without saying that a review of the wording of the relevant clause would not be necessary.

It is also worth noting that in the absence of a force majeure clause, the so-called doctrine of frustration can provide the party with an alternative path to terminate the contract. The contract becomes frustrated when performance becomes impossible due to some unexpected incident beyond the control of the parties. In Cyprus, the issue is dealt with under section 56(2) of the Contract Law (Cap. 149), as amended, which releases a party from liability under such circumstances.

The content of this article is intended to provide a general guide to the subject matter and does not constitute legal advice.

For any additional information, please contact us at [email protected] or at +357 22 42 11 90.

Announcement

Financial Measures of the Cypriot Government to support businesses and labour, due to COVID-19 effects

On Sunday 15th March 2020, Labour Minister, Zeta Emilianidou, unveiled measures to safeguard education, employees and vulnerable classes of the population as a result of the impact of coronavirus on the economy, which is projected to cost an estimated of 159 million euro.

The measures proposed include the granting of leave to private-sector employees who have to stay at home to take care of their children, unemployment benefits for employees working in companies that plan to temporarily suspend their operations or companies that experience a 25% reduction in their turnover, as well as sickness benefits and remuneration to those who teach in the afternoon schools of the Ministry of Education.

The Minister states that the processes shall be made clear and that the proposed benefits shall be received as quickly as possible.

Parents of children up to 15 years of age, working in the private sector, would be given extra parental leave lasting up to four weeks, excluding public holidays.

It was further stated that a parent with an income of up to EUR 2,500, for the first EUR 1,000 would be given a 60% ‘special leave’ allowance, and a 40% allowance will be given for the next EUR 1,000.

In the case of single-parent households, the percentage ranges between 70% to 50%.

It was explained that leave for parenting responsibilities would be provided only in cases where the nature of the work of the parent does not qualify for work from home or flexible working hours and that no assistance is received by grandparents.

In relation to the public sector, staff who wish to take care of their children should need to get approval from their head of department.

The cost of the grant is estimated at 20 million euro.

With respect to companies that have decided to temporarily suspend their activities and those who will continue to work but experience loss in their turnover greater than 25%, relevant business suspension measures should be set up so that layoffs are prevented and employees continue to earn a living.

At the same time, employees affected due to company’s suspension of activities would be given unemployment compensation for as long as the activities of their employer are suspended. The cost of this initiative is estimated at 110 million euro.

As regard to companies employing up to 5 individuals, a 70% subsidy shall be given for their staff, provided however that they have a turnover reduction of more than 25% and that there is no dismissal of any member of staff.

Employees suffering from serious health conditions and need to stay at home so that their health and safety is preserved will obtain a monthly allowance of 800,00 euro. A list of health conditions regarded as serious will be published by the Minister of Health in due course.

Self-employed individuals would also be compensated in the same way as employers, from the fourth day instead of the ninth day as it was until recently.

It has also been decided that the deadline for submission of objections to Social Insurance authorities for self-employed individuals shall be extended by one month, the deadline of which shall be on the 30th April 2020.

The development of mobile units to supply food and medicine was also confirmed to support elderly and disabled citizens who are alone and require state assistance.

The content of this article is intended to provide a general guide to the subject matter and does not constitute legal advice.

For any additional information, please contact us at [email protected] or at +357 22 42 11 90.