Creating Conducive Workplace To Fight Pandemic Aftermath In Organizations

Covid-19 compelled organizations to focus on two key aspects of doing business during pandemic, data protection and talent retention, among others. The IT Act not only provides legal recognition to electronic records but also prescribes requirement to store any data/information in electronic form or any negligence in implementing and maintaining reasonable security practices and procedures in dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, the companies can have liability to pay compensation by way of damages to the affected person. The Information Technology Rules, 2011 implemented under the IT Act specifically defines "personal information" and "sensitive personal information" and employers collecting, receiving, possessing, storing, dealing or handling SPDI are obligated to provide a privacy policy and ensure that the same are available in website for view by such providers of information who has provided such information under lawful contract. Further, under the SPDI Rules, there are obligations regarding transfer and implementation of reasonable of reasonable security practices and procedures that contain managerial, technical, operational, and physical security control measures that are commensurate with the information assets being protected with the nature of business and implement the International Standard IS/ISO/IEC 27001 on "Information Technology – Security Techniques – Information Security Management System – Requirements." Employment Policies: Despite creating new policies to address covid induced situations at work place or WFH, organizations will have to work towards revisiting their existing policies to address pandemic-caused situations, creating additional procedures/protocols, enhancing employee communications, and allowing employees to take leaves to unwind & rejuvenate to minimize disruptions.