The Information Commissioner’s Office (ICO) has warned businesses to ensure they have policies in place to tackle the bring-your-own-device (BYOD) trend.
The ICO cited an incident that occured at the The Royal Veterinary College in 2013 as an example of the problems BYOD can cause, after a staff member lost a personal camera that contained passport photos of six job applicants.
The ICO said firms must make sure staff are aware of the issues caused by using personal devices for work, and that several key steps should be followed.
This included ensuring devices are secure and have encryption capabilities in place and that the use of unsecured services, such as cloud storage tools, are avoided.
It also said a clear end-of-contract policy must be in place so staff know access to certain tools and accounts will be revoked from their device. Finally, the ICO said the ability to wipe or immobilise lost or stolen devices should also be considered and staff must be made aware of the potential for this to happen.
ICO group manager for technology Simon Rice urged firms to heed the warnings as any breaches mean the employer is held liable. “As the line between our personal and working lives becomes increasingly blurred it is critical that employers have a clear policy about personal devices being used at work,” he said.
“The benefits must be balanced against the potential risks to work-related personal data but the organisation should not underestimate the level of effort which may be required to ensure that the processing of personal data with BYOD remains compliant with all eight principles of the Data Protection Act.”
The issue of BYOD has been a hot topic in the IT sector for some time, but with firms being urged to consider putting control measures in place to protect devices from various threats, it poses the question of how much freedom an employee will have to use their own device for work purposes.
Dan Worth is the news editor for V3 having first joined the site as a reporter in November 2009. He specialises in a raft of areas including fixed and mobile telecoms, data protection, social media and government IT. Before joining V3 Dan covered communications technology, data handling and resilience in the emergency services sector on the BAPCO Journal.