Operational Resilience in a Public Health Pandemic
What a few weeks this has been for us all during these difficult and unsettling times, as the established modes of work and play have been severely impacted by the most serious and invidious public health pandemic in our lifetime. Sadly, many have already lost their lives and there is an increasingly likelihood that the current death toll will increase because of COVID-19, making the world of work seem unimportant by comparison as people fight for their very lives.
All businesses are grappling with how best to respond to the situation, including considering how to protect their customers, visitors and staff.
Challenges for Operational Resilience in a Pandemic
The advent of COVID-19 pandemic has led to a rapidly fast changing and challenging situation whilst companies seek to try and maintain their ‘regular’ business footing using a-typical disaster recovery or business continuity policies that were not developed for the current situation, seeking to manage an un-typical situation that barely any of us are equipped to deal with other than mostly learning new ways of working at pace and on the fly.
Who knew for example that there would be a crippling shortage of laptops in the supply chain, that has impacted issue to home workers following the advent of COVID-19 in China at the end of 2019? The chronic shortage of laptops has severely handicapped many companies’ ability to source and deploy laptops to home workers who would not normally need them. How many companies were, for example, typically running a lean policy of laptop stocks without an eye on the likely impact this may have on their business operations, if there was a supply chain shortage caused as in this case, a global pandemic?
Lessons learnt for achieving Operational Resilience
However, what we can say is having had many interesting experiences the past month of companies and organisations different approaches as to how they are addressing the challenges being faced, we believe there are some very real beneficial lessons regarding operational resilience that should be learned from this event but are in danger of not being addressed in the race to enable colleagues to have effective home working in line with HMG guidelines, as well as support the business at the same time.
It is a cliché but sadly true that you are only as strong as your weakest link. That weak link in terms of data risk is of still, of course, the human element in all organisations.
Companies typically have structure, procedure, security as well as health and safety at work policies, that are designed to help workers operate efficiently and continuously in a safe and effective environment whilst in the workplace.
This means as a result, the organisation is typically keeping a benevolent eye on its employees whilst they are active in the work environment, whether they be in a fixed or mobile location.
Now out of necessity many organisations have been forced to deploy away from the secure work environment arguably their most important assets into their respective homes for what is currently, a likely lengthy, unspecified period of time. These homes are likely unregulated and uncontrolled environments along with all this brings as a challenge in terms of securely managing both data risk and human risk at the same time.
There are lessons being learned and many established processes and policies may not stand scrutiny in the cold light of day once we have defeated this pandemic and returned to whatever the working as normal format looks like.
Maintaining trust between organisations and their employees
How do companies and organisation maintain trust, for example, without monitoring employees at home? There is increasing concern that employers wanting to ensure that working from home does not negatively impact productivity, may now seek to deploy ‘creepy’ monitoring techniques without taking the appropriate lawful steps to assess the privacy risk and/or comply with their other data protection obligations (such as transparency) in order to monitor productivity.
Duty of Care to Employees
How do organisations help their employees manage fire risk as a key example, for health and safety requirements for the necessity of home working during the current public health crisis?
How do the HR professionals / partners continue to provide ‘duty of care’ and pastoral support to these same human assets whilst they are all deployed away from the company locations as a result?
Will companies see an adverse increase in mental health related issues as a result of enforced and prolonged home working?
Home Working impact on Operational Resilience
How will a possible decline in employee’s mental and physical health, as a result of both the changed working practices and a likely increase in staff becoming infected with COVID-19 over time, impact operational resilience?
What happens when home workers are sharing their home working environment with family and other fellow home workers, who are all now forced to live cheek by jowl over an enforced pro-longed period of time with less than normal levels of privacy and the issues that may occur regarding data risk being increased as a result?
How many organisations have conducted on site audits of their employees home working environment for example BEFORE the pandemic broke cover, to ensure that they are indeed able to be working in a safe and compliant location away from the office?
Data Protection Compliance
Equally what does it mean for companies and organisations having, from necessity as a result of the Pandemic, deploy their staff to home working with its implications for data protection compliance? Data protection regulators are keen to remind us this pandemic does not in and of itself entitle us to relax our approach to data protection compliance.
For example, we have seen countless social media posts showing people home working with their laptop balanced on an ironing board because that is the only table top space they have access to, or indeed posting ‘fun pictures’ of their pets sitting next to them whilst they work from home, whilst displaying their un-redacted company and client information on their laptop screens.
We do not profess to have all the answers and we are certainly not intending to set ourselves up as judge and jury on companies and organisations who have deployed their human assets to home working as rapidly and efficiently as they have been able to, whilst not only seeing their established way of working change beyond experience, but in many cases many companies are seeing their actual business being massively impacted which means that for some, they may not sadly survive the current crisis. This article hopefully makes people stop and think on what I believe are increasingly unappreciated issues caused by the necessity of home working.
Whatever the timeline and outcome of defeating the COVID-19 pandemic, I think we all know that both work and social life will never be the same again. From a data risk viewpoint, security measures when working from home are going to have to be addressed in a far more robust and considered manner than may have been the case to date. This will also include extending the company or organisations responsibility to address the fire risk as well as the social risk they are now exposing their human assets to by the necessity of working from home, that previously was not the individual staff members responsibility.
If you have any queries or concerns, please do not hesitate to contact us.
Finally, having said all this, please do not ignore the Government’s advice on home working where you can.
Keep safe and well.
Co-Founder and Director