Your charity record keeping responsibilities don’t change if you are working from home or remotely.
You still need to:
- make and keep copies of operational and financial records
- keep records safe, ensuring no unauthorised access to records, nor unauthorised or illegal disposal of records
- comply with your charity’s record-keeping policies and procedures.
But with staff or volunteers working remotely, there may be increased or additional risks to charity records. These might include:
- records not being properly retained
- problems with controlling duplicates or versions of records
- some staff being unable to access required records if they are on someone else's personal device or storage
- improper backing-up of records.
In addition, information security risks may arise from:
- people using private networks and devices or public networks, or where other family members are also working from home
- employees or volunteers using their own computer systems and not having sufficient and up to date security software/operating systems
- an inability to control access to records - particularly those that are confidential or sensitive
- using unsecured or unsafe meeting platforms or other cloud platforms.
Your charity should set clear expectations and processes about how records are created, managed and maintained when working from home or remotely.
This is particularly important for those unable to access official business systems and unable to capture records as they normally would.
Refer to our record-keeping checklist.
General issues your charity should consider include:
- the records you need to capture and retain, and how you charity will do so
- the records that need to be accessed by others
- charity processes or procedures that may need to change or be updated - for example your charity's record-keeping policy - or where workarounds may be needed
- if any information security requirements also impact on how staff mange and access records
- the management of charity records in private accounts if you can’t use your organisation's computer system or accounts.
More specific actions you can take include:
- assessing each employee and volunteer’s home computer systems and security to determine risk levels. You may need to supply staff with computer equipment for use at home to ensure information security
- checking with your finance officer, accountant or auditor to see if they have any specific information or record keeping needs
- working out if there might be new types of records your charity needs to capture, like recorded teleconferences, or chats.
And ensure charity records are transferred into official record-keeping or business systems when you return to your normal workplace.
If you work with overseas partners, review the relevant information on our COVID-19 Compliance page.
And the Office of the Australian Information Commissioner has privacy-related guidance and advice on managing the collection, use and disclosure of personal information by staff working from home.