By: Olympia Karageorgiou, YLS ‘21

In Spring 2020, the coronavirus (COVID-19) pandemic suddenly necessitated institutions, public and private, to transform the ways in which they manage operations, and where applicable, provide services. Undoubtedly, the increasing accessibility of the internet in the United States has been a linchpin in facilitating this unprecedented transition.

Work from home and work-from-everywhere jobs are not unique outgrowths of the pandemic. Employers have been, for some time, offering flexible work schedules, outsourcing in-person jobs, and, in some cases, requiring employees to partially telecommute. Given the inevitability, in a post-COVID world, that telework will become a more permanent fixture of the employment landscape, I would like to briefly outline some considerations and challenges of remote work arrangements. Principally, I will discuss two important elements of our transition into this dynamic working environment: (1) the role of data privacy and security in the remote workspace, and (2) the effects of remote work policies on organizations and their personnel.

Data Privacy and the Consumer, Corporation, and Worker

Internet access occupies an integral role in our society, from facilitating educational opportunities across the globe, to delivering healthcare services to traditionally disenfranchised patients. As telework becomes further entrenched in our professional lives, there has been growing attention to the implementation and maintenance of data security and privacy in the remote workspace. In this section, I will note a few of the existing cybersecurity regimes, and highlight some challenges that have come to the fore during the ongoing COVID-19 pandemic.

Adopted by the European Union in 2016, and fully implemented by mid-2018,  the General Data Protection Regulation (GDPR) sets forth guidelines on the regulation of consumer data in member nations. This law, broadly, serves to standardize cyber policy across participating nations, and regulates commercial collection, storage, and dissemination of personal consumer data. Though these laws differ in some material ways, the California Consumer Privacy Act (CCPA) adopts many of the general principles embodied by the GDPR, and remains a unique regulatory framework within the U.S.

In the criminal cyberlaw context, we can look to the Council of Europe Convention on Cybercrime (“Budapest Convention”) as the extant guidance on standards of cooperation and conduct among signatory nations. The Cross-Border Data Forum identifies the three primary functions of the Budapest Convention, which are to: (1) create a common cyberlaw apparatus among participating nations, (2) encourage investigations relating to the commission of cybercrimes, and (3) establish a shared standard of mutual aid and cooperation in the investigation of cybercrimes.

The COVID-19 pandemic began with little forewarning and left employers, in many instances, to hastily establish telework programs, virtually overnight. Undoubtedly this unexpected transition to remote work has raised privacy and security concerns, which can be understood in two primary contexts. First, organizations must maintain the security of data they collect, retain, and/or disseminate. This goal has been made more challenging during the pandemic, in part because of the limited security apparatuses presently available to many newly-minted remote workers, as well as the rapid pace at which cybercriminals are evolving to avoid having their efforts frustrated.

Additionally, organizations must be cognizant of the ways in which working from home carries additional, offline opportunities for security breaches. To illustrate the latter point, consider the case of a lawyer at a large firm. Prior to the pandemic, the attorney might have a semi-private workspace, which is separate from areas guests may access; as such, a brief conversation in an office doorway can only be overheard by other authorized personnel. During the pandemic, however, the same conversation conducted virtually can potentially be heard by partners, children, houseguests, and others who may be within earshot. Questions surrounding the use of employee-monitoring software, policies re: the home working environment, and security obligations imposed by employers, should be clearly and adequately addressed through the employer’s handbook. These challenges, as well telework policies, more broadly, are discussed in the latter section.

Considerations for Remote Work Policies– 2021 and Onward

As millions around the country and world receive COVID-19 vaccinations, employers are revisiting the largely stopgap policies that have carried their workforces through the pandemic. While many were once hesitant about remote work, more laborers have reconsidered returning to the office full-time; in fact, more than half of American workers would prefer to continue having at least some amount of telework included in their post-COVID schedules. Two salient considerations for a growing work-from-home cohort are the effects of remote work on job satisfaction and productivity, and the use of productivity monitoring tools.

One of the many myths that pervades the employment landscape is that remote-based employees are less productive, less committed, and less emotionally-invested than their in-person colleagues. On the contrary, many organizations have found increased levels of productivity from their workers, despite the unique challenges many have faced during the pandemic. Empirical studies tend to back this assertion, finding that telework not only improves job performance, but also influences key factors related to job satisfaction, such as “worker well-being, gender equality, regional inequalities, housing, [and] emissions.”  Ensuring employees enjoy their work arrangement is not merely an altruistic endeavor; it also serves to limit turnover, a costly effect of poor engagement, both in terms of its financial impact, and also as a function of its negative impact on organizational culture. Because remote work is taking on an increasing role in the labor market, employers should be aware of, and address in their policies, the barriers employees may face in the virtual workplace, including caretaker obligations, technology limitations and cybersecurity concerns, and adjusting to a broader corporate culture. Though these challenges exist for some remote workers, overarching evidence supports the assertion that employees generally welcome the opportunity to telework and are more productive for it.

Productivity-monitoring programs, which refers to the wide range of technology employers use to track employee conduct, is a particularly controversial element of telework. There are many reasons why an employer may want to monitor their agents, from defending itself against a rising number of cyber attacks during the pandemic, to ensuring work is actually being accomplished. However, critics have pointed out that such monitoring comes at the cost of privacy, corporate culture, and productivity. A responsible work-monitoring policy must, then, address both data privacy concerns, as well as privacy from a personnel perspective– the latter, being to prevent unauthorized access or monitoring of tracked employees by their colleagues.

Recently, controversial monitoring programs, such as Amazon’s movement and facial-recognition tracking, have brought renewed scrutiny to the long-standing puzzle of defining efficiency in personnel management. In light of the numerous ways in which remote workers are just as, if not more, productive than their commuting colleagues, such software may be an overly blunt response to the relatively nuanced challenges that arise from maintaining a virtual workforce. Further, the benefits of this technology should be balanced against the cybersecurity concerns it raises. Looking forward, telework is poised to become a permanent fixture of the labor market. If employers preemptively establish a responsive set of remote work policies, they will be better situated to reduce their operations costs, and, more importantly, recruit and retain one of the most important assets an organization has– its human capital.