The Information Commissioner’s Office (ICO) has warned firms of the need to implement proper bring-your-own-device (BYOD) policies after the Royal Veterinary College (RVC) was caught out by the trend when sensitive data, which was stored on a staff-owned device, was lost.
The staff member at the College lost their own digital camera and memory card that contained six passport image scans of prospective job applicants. The ICO said after investigating the incident it found the College did not have any BYOD polices in place or guidance for staff on using devices such as tablets, phones and cameras for work purposes.
“Our investigation revealed that the device was personally owned by the employee and as such fell outside of the policies and procedures in place. However, the RVC does not appear to have accounted for the possibility of employees using their own devices in the workplace,” it said.
Head of enforcement at the data watchdog Stephen Eckersley said that the incident should serve as a warning to other organisations of the need to assess how staff are accessing data.
“Organisations must be aware of how people are now storing and using personal information for work and the Royal Veterinary College failed to do this,” he said.
“It is clear that more and more people are now using a personal device, particularly their mobile phones and tablets, for work purposes, so its crucial employers are providing guidance and training to staff which covers this use.”
The College has now signed an undertaking to ensure staff are trained on personal data handling and that all devices used for sensitive data contain encryption software.
The Royal Veterinary College said it would take the ICO's guidance on board to improve it security practices.
"We are disappointed that the guidelines and processes we had in place proved inadequate in this instance. We had already taken action to strengthen our information security provisions before the ICO completed its investigation, but are nevertheless grateful to the ICO for the further guidance it has provided," it said.
The incident underlines the myriad issues that BYOD can cause. While most warnings focus on devices such as tablets and phones, as this case shows, anything that allows the storage and movement of digital data must be considered when designing and implementing policies.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago