Friday 18 Jun 21
The National Cyber Security Centre has issued new guidance on managing ‘shadow IT’.
Shadow IT, sometimes called 'grey IT', is any unapproved tools and technologies used in an organisation for business tasks. These aren't managed by the official IT department or policies, so they pose a risk of data breaches and malware spread.
Shadow IT also encompasses cloud services – for instance, employees saving business data in their personal cloud accounts for convenience.
Practices like this challenge your business’s risk management because it's hard to protect what you don't know exists.
Mostly, shadow IT arises when employees try to work more efficiently by using tools they're familiar with, or when official tools fall short.
Common reasons for shadow IT use include:
You can read the full guidance, including further examples of shadow IT and tips for mitigating the risks it poses, here.
The Information Commissioner's Office (ICO) has recently published and updated useful guidance for employers relevant to hybrid working arrangements.
The ICO has provided new direction on how employers can conduct monitoring fairly and in line with data protection law. The guidance also addresses specific monitoring practices, such as using biometric data to keep an eye on employee time-keeping and attendance. You can access the guidance here.
The ICO has updated its guidelines on how to handle workers’ health data.
Health information is among the most sensitive types of data an employer might possess about their employees. And under the GDPR, it’s classified as ‘special category data’. This means there are stricter rules and requirements when it comes to collecting and processing it. So, for employers, handling health data with utmost care is not just a recommendation, but a must.
To help employers navigate this, the ICO’s guidance lays out their legal obligations clearly and also offers some handy best practice examples to consider. It's an invaluable resource to help employers stay compliant and respectful of their employees’ privacy.
The world of work has changed for many of us and for lots of industries, there’s no going back to the times where home working and absenteeism were synonymous. It’s extremely likely that even once the pandemic is a distant memory, home working won’t be a thing of the past.
Whilst we won’t be seeing a complete return to central working locations, it’s possible that many employees will choose to adopt ‘hybrid working’ where they work from home for a select few days in their week.
With this, comes data protection considerations that we’ve summarised in this guide to help employers manage their workforce and comply with their legal duties.
Farillio members have full unrestricted access to all our online content.
Step-by-step instructions to guide you through everything you need to achieve your objective including a progress bar
Knowledge when you need it, served up fast in plain English
Expert Q&As with industry professionals to start you on the path
Create, share, edit, e-sign, duplicate legal documents
Easily manage legal documents for your business
Expert answers to legal questions without hefty fees
TRY FOR FREE