The protection of personal data of clients during COVID-19
Due to the situation of COVID-19, many employees are teleworking, and using their personal computers, Home computers and personal/ public Wi-Fi.
In this case, companies cannot provide the proper security needed, this may lead to the exposure of personal confidential information of employees and clients to unauthorized people.
This can hold the liability of the company and the responsible can be faced with both imprisonment and a fine.Thus, companies have an obligation to respect the right of employee’s and client’s confidentiality and to protect all personal data.
What is the responsibility of companies regarding personal Data of clients?
Algerian public and private companies must do everything in their power to preserve confidentiality and ensure the security of their client’s data.
Law No. 18-07, relating to the protection of personal data of natural persons,provides that processing of personal data must be done in the context of respect for the person’s honour and their reputation.
Also, according to the article 38, the company should protect personal data against accidental destruction, alteration, breach of professional secrecy, dissemination of unauthorized access, especially when transmission takes place in unprotected network.
The above-mentioned law has set sanctions for the none-protection of personal data. According to article 60 of law 18-07, whoever gives access to unauthorized people to personal data is punished by imprisonment for two (2) years to five (5) years and a fine of 200,000 DA to 500,000 DA.
Therefore, the company should protect personal data of clients against any violations coming from its employees, or third parties, who have access to such information, especially with the situation of teleworking.
How can companies ensure the security of the personal data of its employees and customers?
A solid data protection strategy is a key, in this time, to keep client’s trust.
When accompanied by effective governance and supported by the effective implementation of technical controls, this will allow companies not only to minimize the risk of data leaks, but also to establish effective teleworking pattern, and by extension data protection.
Thus, Companies must set an urgent COVID-19 technical plan for keeping personal information.
Such as, limit the amount of data processed; Restrict access to sensitive data only to designated persons.
Provide protected network for the company’s employees, with the help of a professional IT engineer.
Provide the employees who are in direct contact with the personal data with well protected equipments (Computers, Phones, printers…).
Designate a person responsible for the protection of the personal data in the company.
The company should obtain the written approval of the person concerned before any processing of personal data; the said approval needs to be implemented by the proper legal procedures.
However, for these suggestions to achieve compliance, it is imperative to materialize them with the appropriate legal instruments as defined by Algerian regulations.
Otherwise, the company and its managers can be exposed.
Although, teleworking provides an appreciable advantage, the latter can jeopardize the leakage of employee’s and client’s personal information which is punished by heavy penalties.