We use cookies to personalise the website and offer you the greatest added value. They are, among other purposes, used to analyse visitor usage in order to improve the website for you. By using this website, you agree to their use. Further information can be found in our data privacy statement.



Romania: Protecting confidential information while teleworking

PrintMailRate-it

published on 1 February 2021 | reading time approx. 2 minutes

 

As per the Romanian law, telework is defined as any work arrangement that allows employees to work outside of their primary worksite at an alternate location, on a regular basis, at least one day a week, pursuant to an approved Telework Agreement.

 


Currently, some current studies claim that remote workers are more productive and profitable than office-based employees so, in many cases, teleworking might become a widespread working model even after the pandemic crisis. 

A successful implementation of the remote working model implies the following internal measures:

Confidentiality covenants and teleworking policies

Employers who have not concluded confidentiality agreements with their employees may consider having employees abiding from rules regarding their obligations to protect the company's confidential and trade secret information. Thus, rules for handling the company’s confidential information are of utmost importance. Therefore, the telework policy should address the types of information the employer considers confidential, the proper handling of confidential information by employees working from home or remote and the proper steps that need to be taken by such employees to protect the employer’s confidential information.  

Electronic security measures in place (Hard control)

It is important that employers consider the security of their IT systems. It is known that wireless networks are much easier to breach than an employer’s secure network because personal wireless networks usually have fewer security protocols in place. 

Employees accessing the company’s servers remotely are generally granted access to a virtual private network (VPN). A VPN is a private, encrypted channel that will allow employees to directly access a company’s network, while greatly minimizing the risk to the company’s confidential information and trade secrets. VPNs are also beneficial as they allow employers to create and monitor remote workers’ access logs that track files as they are accessed by each employee.

Employers must ensure that only authorized users have access to their systems, networks and databases. To do so, employers could require two-step authentication or instate similar protective measures for remote access.

Use of company-provided devices or company systems

If feasible, employers should require teleworking employees to use only company-provided devices or company systems to review, store and disseminate company information.

Physical security measures

Teleworkers should be informed that they should lock their computers when they are not in their home offices. They should also make sure they do not leave company information out in plain sight of third parties or in view of computer cameras during video calls. Sensitive information should be subject to a company's normal shredding rules, and employees should be restricted printing documents at home. 

Additionally, special caution must be granted to the physical transport of all mobile devices and confidential information, in any form or medium, from one location to another, whether in your personal vehicle, public transportation or otherwise. As a rule, an employee must maintain personal possession of devices and confidential information at all times; any storage arrangements must be locked and secure at all times.

Restricted access, need to know basis

Specific access rights should be implemented, so that access to information is granted on a „need-to-know” basis, with the limitation of access to certain documents and information to particular groups or individuals, entitled by their job description to handling them. There are tools to revoke access to certain protected information if necessary to prevent possible data leaks.

When combined together, strong policies, training, IT security measures and procedures for return of company property can all contribute to reducing the likelihood that employees will jeopardize the secrecy of trade secret information through their actions.

Contact

Contact Person Picture

Petre Lungu

Attorney at Law (Romania)

Associate Partner

+40 21 3102 162
+40 21 310 2172

Send inquiry

Contact Person Picture

Iulia Rezeanu

Senior Associate, Attorney at Law (Romania)

+40 21 3102 162

Send inquiry

 How we can help

 Read more

Deutschland Weltweit Search Menu