21st March 2014
Smart phones and tablet computers have become increasingly commonplace with advancing technology increasing their available features and capability. Employees are also increasingly using their personal mobile devices for business purposes and, whilst this can no doubt benefit businesses by reducing the costs, there are a number of risks for employers. The issue is clearly high on the priority list of the Information Commissioner’s Office (ICO) which issued a press release in the new year encouraging organisations to have a clear Bring Your Own Device (BYOD) policy in the workplace.
Personal mobile devices are owned, paid for and supported by the user, rather than the business. As such a business will have significantly less control over the device than it would normally have over a company device. A business is responsible for protecting company data stored on personal mobile devices whether or not they are personal.
Businesses in favour of BYOD should consider implementing security measures to prevent unauthorised or unlawful access to your business’s systems or company data. To protect personal data from unauthorised or unlawful access, the ICO suggests ensuring devices are locked with a strong password and should use encryption to store data on the device securely. Additionally, mobile device management software is available which can allow a business to remotely manage the device.
Given the device is personally owned, users will also be much more reluctant to allow an employer to monitor their devices and if a business wishes to do so, it must, set out clearly why there is a business need and among other things ensure that it does not encroach during periods of normal personal use such as evenings and weekends.
In addition to these issues, the risk of loss or theft of the device is one of the most significant facing businesses. Loss of personal devises could lead to unauthorised or unlawful access to a company’s systems and confidential information. The ICO recommends businesses ensure a process is in place for quickly and effectively revoking access to a device in the event that it is reported lost or stolen.
Businesses should consider registering devices with a remote locate and wipe facility to maintain confidentiality of the data in the event of a loss or theft.
BYOD seems increasingly inevitable and with this, the risk of security breaches and data protection issues arising. It is clear that businesses as data controller are responsible for ensuring that all processing of personal data whether on a corporate device or a personal devices remains in compliance with the data protection legislation.
For further information about the ICO press release or BYOD policies please contact Fiona Moss on 01932 590 220 or email email@example.com or another member of the corporate and commercial team.
Andrew Knorpel serves a number of recent developments across a variety of areas in employment law and practice
Sophie Banks looks into the further important decision relating to the employment status of “gig economy” workers.
Gemma James looks at premises sharing for suppliers who need to meet the expectation of a swift despatch and delivery by being in multiple locations