Protecting your security when using a personal device in the workplace

Today, many people use their personal devices for work purposes – last year, a survey by YouGov SixthSense revealed that almost half of British employees do this.

Of the 2,151 staff surveyed, 40% of employees used their own devices at work without any guidance from their employer and another 14% were unaware whether their employers have produced guidance on the use of personal devices at work. Almost one third of senior managers use their own smartphones for work and 23% of companies have a ‘bring your own device’ (BYOD) policy in place.

However, as this article about employment law and personal gadgets demonstrates, employers would do well to make sure that they include provisions for the use of personal devices for work purposes in their data protection policies.

The Information Commissioner’s Office (ICO) is an independent authority in the UK that has been established to uphold information rights in the public interest, to promote transparency by public bodies and data privacy for the individual. The ICO has now warned organisations that provisions should be made to cover data protection situations when employees use any personal device such as a smartphone, tablet or laptop for work.

It has become much more common for people to work on their personal devices. Many people choose to use their own device that they are comfortable with rather than a device provided by their employer. Of course, when people use their personal devices for work (BYOD) it’s a great option for those who have long commuter journeys or want to access emails and other information outside of usual work hours.

But there’s a potential downside to BYOD with potential information security risks and danger that an employee might breach the data protection act and data protection principles, whether it’s done deliberately or not. There may be costs involved for the employer to cover the introduction of controls to mitigate these kinds of risks. And employees may be less keen on using their personal devices for work when they realise that they have to use controls to keep data safe.

At the end of the day, though, responsibility for the protection of corporate personal data falls with the company rather than the employee whose personal device the information is held on. If an employer permits BYOD for its employees, any personal data held on a device will at least have to be encrypted, which might require software licencing, patching and technical support. Some employers may decide that the extra costs and layers of admin involved in protecting personal data may mean that BYOD brings more inconveniences than the benefits it offers.

If a company wishes to approve BYOD for its employees, it will need to have a policy that sets out exactly how employees can use their personal devices for work purposes and the controls that are put in place for data protection.

 

Posted by on Mar 21 2014. Filed under Blog. You can follow any responses to this entry through the RSS 2.0. Both comments and pings are currently closed.

Comments are closed

Search Archive

Search by Date
Search by Category
Search with Google
Log in | Designed by