ICO urges firms to crack down on unsecure device use
Information watchdog adds that data controllers should not go overboard with employee monitoring
The Information Commissioner's Office (ICO) has told business data controllers that while remote working and bring your own device (BYOD) policies have many benefits they should "not be shy" about cracking down on unsecure devices.
The data watchdog also suggested that businesses should not go too far in the other direction by intruding on their employees' privacy, though, and that a balance must be struck.
Speaking at a Westminster eForum event on remote working, Simon Rice, the ICO's group manager for technology said data controllers should consider how much information is required on any device at one time and that simple security features should not be ignored.
"If a device does not have what the data controller considers to be a critical measure or if the employee doesn't want to enable it, don't be shy about choosing not to enrol that device," he advised. "Most modern devices allow for password protection and the encryption of data, and it's just a matter of making sure it's switched on at little or no additional cost.
"It's important that a data controller is not reducing a level of security that they've already put in place. If they've already defined the standards, allowing new devices to connect shouldn't reduce that standard."
However, Rice was quick to discredit excessive mobile device management, urging data controllers to take a slightly lighter touch to regulation: "We musn't forget the employees themselves. By definition, some or most of the use of personal devices will be personal. A bring your own device policy should not permit surveillance or excessive monitoring coming through the back door."
The ICO has handed out fines totalling more than £4m to public bodies alone since it was given the power to penalise data mishandling in 2011, with the total brought even higher when private firms are considered.
Rice concluded that while many business processes can take place on personal devices, he said that it would not be considered acceptable for "all types of processing for any type of data" to take place on personal devices. He said that data controllers "must take stock of this, and should not underestimate the time and effort to put those measures in place."
The rise of BYOD policies in organisations is growing all the time. V3 reported this week on plans at Hounslow Council to implement BYOD for both phones and tablets as well as moving to an 'infrastructure free' IT use model within five years.
V3 Latest
First plant to grow on the Moon, err, dies
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite news and updates: Fortnite made $2.4bn in 2018, according to SuperData
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Japanese firm sends micro-satellites into space to deliver artificial meteor showers on demand
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago