As states continue to extend work-from-home orders in response to the Covid-19 pandemic, and considering that remote work will continue to be the norm for many individuals even after the pandemic subsides, licensees must be prepared to address regulators’ heightened concern for data security.
Nearly all state regulators have issued pandemic-related guidance on data security requirements for employees of licensees working from home. While some states, such as Arkansas and Florida, reference existing state and federal requirements, others, including California and Iowa, have provided specific steps that licensees must follow before engaging in remote work. Licensees should closely monitor and implement the guidance from the states where they are licensed. We invite you to review our other blog posts for summaries of such guidance.
Additionally, licensees should follow these remote work best practices related to data security:
- Review applicable data protection regulatory requirements and ensure that internal or third-party technology solutions address and comply with those requirements
- Leverage, to the maximum extent possible in accordance with the institution’s third-party risk tolerance, external cloud and technology platforms that could assist in providing secure remote work technology solutions
- Review and update information security and data protection policies to consider remote operations, and communicate such updates to all employees
For more information on this topic, check out Law360’s “Data security best practices for licensed lenders’ telework,” written by Buckley Counsel Sherry-Maria Safchuk and Associate James Chou.