As Work from Home (WFH) staff re-locations have been deployed by many public sector and enterprise organizations across the U.S. and globally, concern has risen over the ability to continue to monitor privacy and compliance policies during the COVID-19 pandemic that protect patient information, client financial data, credit cards and accounts and personnel files.
Following the onset of Bring Your Own Device (BYOD) initiatives, many firms created policies and procedures to educate employees, deliver and enforce guidelines issued by Payment Card Industry Security Standards Council (PCI SSC) among others as well as regulatory guidance like HIPAA and other compliance laws. These have been recommended US state and federal agencies and international global privacy organizations.
As an example, the PCI SSC has stated that it “recognizes that the unusual circumstances associated with the Coronavirus are not limited to congregation of large groups for meetings and conferences, but may also impact other activities that typically require in-country or global travel, such as PCI assessments against the PCI DSS, Card Production, P2PE, and PIN standards. While onsite assessments are always expected, in this unique circumstance, individual health and safety must be considered when making decisions regarding onsite assessments. “
The PCI SSC has continued to recommend that assessments of any worksites, remote or premise, should continue. During the current pandemic, remote assessment procedures and verification should be created and followed. Further steps that need to be taken may include the removal of any audio, virtual assistant, cell phone, or video device that may be used in the recording or copying of sensitive client/patient information.
The PCI SSC also recommends that organizations begin to restrict employee access to sensitive data, increase encryption capabilities and resources, and work to curtail data storage on any personal devices or cloud solutions.
There are some industry indicators that remote teleworking or working from home isn’t conducive to certain contact center environments.
If your firm needs assistance in analyzing and evaluating your PCI, Data privacy and HIPAA act compliance Contact Communication Strategies at: 707.963.5418.
