25 March 2020

COVID-19 presents a global challenge on a scale that has not been seen in generations. Many employers are asking employees to work from home and access office systems through virtual private networks (VPNs).

Many staff will continue to use employer-provided devices (laptops, tablets, phones) in which case device security remains under the control of the employer. Others will use their own devices, in which case the employer will be reliant on staff implementing necessary security themselves. Whilst VPNs provide a generally secure means of access, the use of personal devices may give rise to increased risks around security of systems and the confidentiality of information.

It is worth noting that data protection law doesn’t prevent homeworking, but employers will need to consider the same kind of security measures for homeworking as they would use in normal circumstances and provide appropriate support and guidance to staff.

Irrespective of whether staff are using employer-provided devices or their own devices, it will in most cases be a consumer broadband contract that underpins their connectivity to the office and it will be the rights and obligations under that contract that regulate the speed and capacity of their access. A particular challenge here could be the greater demands on a family’s broadband if all members of that family are reliant on it at the same time (music streaming, video streaming in addition to work traffic).

If broadband speeds are significantly below the expected levels for the anticipated usage, it is worth consulting Ofcom’s voluntary Code of Practice that covers most internet service providers. Of particular interest under the voluntary Code of Practice:

  • customers’ to get the support they need when their circumstances make them vulnerable (for example self-isolating would be a good example of this); and
  • customers’ services work as promised, reliably over time. If this goes wrong, providers are to give a prompt response to fix problems and take appropriate action to help customers, which may involve compensation where necessary.

One thing worth checking with providers is whether they offer alternative ways of accessing their service if repairs need to be carried out. 

All this, of course, is likely to be subject to any ‘Force Majeure’ provisions in consumer contracts. However, it is worth noting that the service providers, even if they rely on force majeure clauses, are nevertheless likely to be subject to an obligation to use reasonable endeavours to mitigate the consequences of the force majeure event they are citing and providers should be asked to evidence that they have done so.

As a footnote, the above all pre-supposes that a commercial broadband service is available for home use. Universal coverage for all is a priority for the Government and from March 2020, BT and KCOM will be required to deliver a minimum service to households unable to connect via commercial operators. However, this is not useful for immediate needs  it could take up to 12-months or longer for customers to receive their connection once a request has been approved.

How can we help?

If you would like to discuss this briefing please speak to your usual Burges Salmon contact or Lucy Pegler.     

Key contact

Lucy Pegler

Lucy Pegler Partner

  • Technology and Communications
  • Data Protection and Cybersecurity
  • Outsourcing

Subscribe to news and insight

Burges Salmon careers

We work hard to make sure Burges Salmon is a great place to work.
Find out more