Personal devices and data protection - New guidance aims to address ‘laissez faire’ attitude to allowing staff to use personal devices for work business
The UK Information Commissioner's Office (ICO) has published new guidance explaining some of the risks organisations must consider when allowing personal devices, such as laptops, smartphones and tablet computers, to be used to process work-related personal information. The guidance explains how this approach, commonly known as ‘bring your own device’ (BYOD), can be adopted safely and in a manner that complies with the Data Protection Act.
A recent survey, commissioned by our office, uncovered that 47% of all UK adults now use their personal smartphone, laptop or tablet computer for work purposes. But less than 3 in 10 who do so are provided with guidance on how their devices should be used in this capacity. This raises concerns that a lack of guidance may be putting personal information at unnecessary risk. We are therefore urging organisations to read our guidance before it is too late.
Announcing the guidance, Simon Rice, ICO Group Manager (Technology) said:
“The rise of smartphones and tablet devices means that many of the common daily tasks we would have previously carried out on the office computer can now be worked on remotely. While these changes offer significant benefits to organisations, employers must have adequate controls in place to make sure this information is kept secure.
“Our guidance aims to help organisations develop their own policies by highlighting the issues they must consider. For example, does the organisation know where personal data is being stored at any one time? Do they have measures in place to keep the information accurate and up-to-date? Is there a failsafe system so that the device can be wiped remotely if lost or stolen?”