The ICO and Mobile Data Compliance

Mobile technology brings unique challenges in how organisations are handling our personal data. That was the key message from the UK's data protection regulator at E RADAR's recent Trust in Mobile Enterprise Summit in Manchester.

Iain Bourne, Group Manager, Policy Delivery at the Information Commissioner's Office discussed the application of the 8 data protection principles set out under the Data Protection Act 1998 - legislation which provides the basic framework for the proper use of new technologies when they are handling personal data. The Act is not a barrier to the introduction of new technologies, but it needs to be understood and used in the correct way. The Data Protection Act 1998 provides a framework for using technology in a secure, lawful and reasonable way that’s acceptable to the public. Limitations and safeguards are essential: the public are watching businesses that use technologies and they have rights.

Mobile data compliance

iain bourne

Iain Bourne

But there are challenges unique to mobile technology and how it is used. For example, mobile devices are more portable than desk top devices, even lap tops. The more portable the device, the less secure it might be. Bring your own device (BYOD) also blurs the boundaries between personal and corporate information held on the device. How do you display privacy notices on such small screens, especially when the new Data Protection Regulation will require organisations to display privacy notices more prominently? Finally, how does the organisation explain geo-location services to ordinary members of the public and give them the option to turn them on and off?

Iain Bourne's presentation delves into these and many other questions facing small and medium-sized enterprises in how they should handle personal information when using mobile technology.