[ckdarby]

That is not the case at all. There have been plenty of companies before pandemic that had remote employees and or individuals who just travel frequently.

You're able to be compliant even without being in the office. Most of the compliance is covered by < 5 mins auto lock, security updates turned on, VPN and a yubikey.

Nearly everything else in these are documented processes and separation of roles and responsibilities.

[bryan_w]

How do you guard against someone in their home, taking a picture of your personal information when you call the call center?

[mikem170]

You have an automated system like an ivr with voice recognition collect sensitive info. You don't have sensitive info on an agent's screens. You don't collect unnecessary personal info.