ICO urges firms to crack down on unsecure device use
Information watchdog adds that data controllers should not go overboard with employee monitoring
The Information Commissioner's Office (ICO) has told business data controllers that while remote working and bring your own device (BYOD) policies have many benefits they should "not be shy" about cracking down on unsecure devices.
The data watchdog also suggested that businesses should not go too far in the other direction by intruding on their employees' privacy, though, and that a balance must be struck.
Speaking at a Westminster eForum event on remote working, Simon Rice, the ICO's group manager for technology said data controllers should consider how much information is required on any device at one time and that simple security features should not be ignored.
"If a device does not have what the data controller considers to be a critical measure or if the employee doesn't want to enable it, don't be shy about choosing not to enrol that device," he advised. "Most modern devices allow for password protection and the encryption of data, and it's just a matter of making sure it's switched on at little or no additional cost.
"It's important that a data controller is not reducing a level of security that they've already put in place. If they've already defined the standards, allowing new devices to connect shouldn't reduce that standard."
However, Rice was quick to discredit excessive mobile device management, urging data controllers to take a slightly lighter touch to regulation: "We musn't forget the employees themselves. By definition, some or most of the use of personal devices will be personal. A bring your own device policy should not permit surveillance or excessive monitoring coming through the back door."
The ICO has handed out fines totalling more than £4m to public bodies alone since it was given the power to penalise data mishandling in 2011, with the total brought even higher when private firms are considered.
Rice concluded that while many business processes can take place on personal devices, he said that it would not be considered acceptable for "all types of processing for any type of data" to take place on personal devices. He said that data controllers "must take stock of this, and should not underestimate the time and effort to put those measures in place."
The rise of BYOD policies in organisations is growing all the time. V3 reported this week on plans at Hounslow Council to implement BYOD for both phones and tablets as well as moving to an 'infrastructure free' IT use model within five years.
V3 Latest
Scientists uncover 'strongest material in universe', and name it nuclear pasta
Found by calculating the strength of the material deep inside the crust of neutron stars
MIT boffins develop system that can recognise speech and objects at the same time
Can highlight in real-time the relevant regions of an image being described
Latest Tesla news: Tesla to face criminal investigation over Elon Musk's Tesla privatisation tweets
Double legal trouble for Musk as he also faces civil lawsuit over renewed British pot-holer 'paedo' claims
Researchers develop tech to boost the performance of lithium metal batteries
Battery development could help boost performance of smartphones
Most read
