California has recently authorized employees of licensees under the California Financing Law (CFL) to perform work within the scope of their employment from a remote location. Licensees may allow their employees to perform work remotely only if the licensee takes appropriate measures to safeguard consumers’ private information.
Among other things, California requires that licensees who allow employees to work from a remote location:
- Preclude in-person consumer interactions at a remote location and avoid designating a remote location to the public as a business location;
- Prohibit the physical receipt of mail related to the licensee’s licensed business at a remote location;
- Prevent a consumer’s personal information from being physically stored at a remote location, except for storage on an encrypted device or encrypted media; and
- Incorporates as necessary written policies and procedures to ensure appropriate supervision and control of at least the following: employee data security training, maintenance of security logs of remote logins, procedures designed to identify suspicious logins or login attempts, and data breach response procedures.