Coworking spaces offer a flexible and inspiring environment for modern work. However, amid the open structures and the diversity of companies and individuals, challenges arise when it comes to protecting sensitive data and ensuring information security.
In coworking spaces, people with a wide variety of backgrounds often work in close quarters. This makes ensuring confidentiality a challenge: Open working environments carry the risk that screen content or physical documents can be viewed and conversations onDSG Compliance Checkliste. Discretion is particularly crucial in professions in which sensitive customer data, internal information or employee data are processed.
Handling Sensitive Information
Phone calls and meetings are an integral part of everyday work. Nevertheless, it is important not to unintentionally disclose confidential information in open work areas. Meeting rooms or alternative premises can help to discuss sensitive topics discreetly. If such rooms are not available, headphones or headsets with microphones can minimize the volume of the conversation and thus increase the protection of information.
The provision of Wi-Fi is standard in coworking spaces, but it poses a significant risk to information security. Even without much prior knowledge, interested parties can gain access to sensitive data in unsecured networks or “listen in” on ongoing wireless transmissions. It is therefore advisable to use a VPN for access, which encrypts the data. Alternatively, mobile hotspots can ensure a secure connection.
Shared devices such as printers or scanners can also pose security risks if print or scan jobs remain unprotected on the shared device or printed pages are left unattended in the printer. It must therefore be ensured that no documents are left behind on such devices and that the devices are only used with authentication or functions such as “follow-me printing.”
Labor Law Requirements
Before using a coworking space, employees should find out whether working in such premises is permitted in accordance with their employment contract, the applicable regulations or instructions of the employer. The duty of confidentiality and secrecy is of central importance here, as it is part of the employee’s duty of loyalty (Art. 321a OR). In addition to the work performance as the main obligation, the duty of loyalty is the most important secondary obligation and includes various sub-obligations that aim to promote and protect the interests of the employer.
Many employers have regulations, in particular on information security, which contain requirements on how to create a secure ICT environment and how the protection of data should be guaranteed both by the employer and by every employee. The aim of these requirements is to protect the employer’s information, data, ICT systems and ICT resources in such a way that they are only accessible to authorized persons and that no unauthorized changes can be made.
However, the option of working from home does not mean that working in public spaces or at external locations is also permitted. In case of doubt, employees should therefore discuss the matter with their employer in advance to clarify any uncertainties and ensure that their working practices comply with the guidelines.
Data Protection Aspects
When using coworking spaces, not only labor law requirements must be observed: The Data Protection Act (DSG) and the associated ordinance prescribe how personal data must be processed. These are all details that relate to a specific or identifiable natural person (Art. 5 DSG). Employers are responsible for ensuring that data processing is carried out in accordance with the law (Art. 4 DSG).
Employees, in turn, are obliged within the scope of their employment contract duty of loyalty to comply with the employer’s requirements. In addition to and alongside criminal law (professional secrecy, Art. Art. 321 StGB), the Data Protection Act also obliges with the “small professional secrecy” in Art. 62 DSG to maintain confidentiality, the violation of which can result in a significant fine.
In addition to compliance with the general principles regarding data processing (i.e. lawfulness, good faith, proportionality, purpose limitation, transparency and correctness), data security is also a priority when using coworking spaces: Data processing must be designed using suitable technical and organizational measures in such a way that the requirements of the Data Protection Act are complied with. These measures must make it possible to avoid data security breaches (Art. 7 f. DSG).
The open environment of a coworking space requires attention and care when processing data. Employees themselves should take concrete measures to protect the confidentiality and integrity of the information: A simple but effective measure is the conscious choice of workplace. This should be chosen so that the screen is not visible and confidential documents can be locked away. Additional tools such as privacy screens for monitors or lockable document compartments can also help to maintain confidentiality.
In addition, care must be taken to ensure that conversations cannot be overheard and that the workplace is tidied up according to the “clean desk” principle even when leaving it for a short time. Such precautions complement the measures mentioned in the sections above and help to minimize the increased security risk in coworking spaces.
If data protection breaches nevertheless occur – for example, through the loss of a laptop or the disappearance of documents – such incidents must be reported to the employer immediately so that the latter can check whether a report to the authorities (FDPIC) or those affected is necessary (Art. 24 DSG).
Raise Security Awareness
Data protection and information security in the coworking space are not impossible, but require a heightened awareness in everyday work to maintain the confidentiality and security of the entrusted data. Regular awareness measures, training courses and the targeted exchange of best practices within the team can help to minimize risks. In case of doubt, however, you should always consult with your employer. Through the combination of organizational, technical and individual measures, a high level of security can be achieved – even in the open and flexible working environments of modern coworking spaces.
First appearance on Miss Moneypenny:
Sensitive data in the coworking space
