Allright! The new normal is settling in and many companies have decided that allowing their employees to work remotely is going to be part of their new normal going forward. For most companies this has meant securely enabling their employees to work from home. But now that employees can see a future where they can live and work wherever they want to, new possibilities are opening up. They can perhaps go someplace with better weather, lower cost of living expenses, and less people. Countries like Bermuda, Estonia and Georgia are seeing this as an opportunity and offering remote work-friendly visas to those who want to perhaps move to their countries for a period of time. It’s a win-win. The remote workers get to “get away from it all” and still work and the countries they move to get a boost to their economy. But is it secure?
I asked our own Niamh Muldoon, Senior Director of Trust & Security, if she could recommend some guidelines you might want to follow if your employees are seeking to move their remote workspace to another country. She suggested making sure you consider 5 key areas:
- Laws
- Government Regulatory Privacy and Security Requirements
- Industry Compliance Regulations
- Industry Best Practice Standards
- Customer Contractual Service Level Agreements
First look into the associated laws governing the region and are there any specific laws for systems or data? Could these affect how you are currently managing your business systems or data? After you have looked into the laws that might affect how your employee is able to work within the desired country you will need to make sure that you are clear about any government regulatory privacy and security requirements. Make sure you are aware of the sanction-listed countries: https://bscn.nl/en/sanctions-risk-list-countries. This is a current list of all the countries that have any sort of sanctions against them from the EU or from the US and what those sanctions are. Also look to see if there are any specific privacy and/or security requirements for data and systems being considered, such as General Data Protection Regulation (GDPR) or The California Consumer Privacy Act (CCPA).
Your next level of research should be to make sure that there aren’t any industry-specific regulations or standards that might affect the choices that are available. For example, there might be regulations specific to processing and storing data within the country along with regulatory requirements for operating your business within these regions.
Looking at your customer and future-targeted customer, are there any specific compliance industry regulations that need to be considered to make sure to include but not be limited to PCI-DSS, HIPAA, and 21-CRF Part 11/Annex 11. Industry best practices might not be as binding as official regulations but it is good to make sure that you are following them as much as possible. Are there any industry best practice standards for the region that are relevant? Customers might expect you to always follow particular best practices and choosing not to do so might affect whether or not you can retain these customers.
And, finally, you never want to forget your customers. How will certain employees moving to a different country affect your customers? Will it affect Customer Contractual Service Level Agreements? Will you need to change how you define your operating model and organization or your roles and responsibilities if employees are now in totally different time zones?
COVID-19 has certainly changed how we live and how we work. And it looks like some of these changes might become permanent. We have been spending much of the past few months just making sure our workforces can work safely and securely from home whenever possible. As some are realizing that working remotely might become a long term situation they are naturally looking around for a new place to call home. Before your employees start moving off to take advantage of these new remote work-friendly visas make sure you do the research and ensure that this is a safe and secure choice for your company as well.
