Bring Your Own Device - Government issues new guidance
A recent YouGov survey revealed that 47% of the working population now use their personal smart phone, laptop or tablet for work purposes. Whilst this “bring your own device” (BOYD) approach to working may have some benefits for employers it also brings headaches in ensuring compliance with data protection regulations.
The legal responsibility for protecting personal information lies with the data controller (the employer). However, adopting a BYOD approach means that the device is owned by the employee and employers should consider what steps they need to take to ensure data protection is not compromised.
The Government has issued new Guidance setting out what legal, technical and practical issues employers should be considering.
In addition to data protection, employers should consider the Employment Practices Code that states that employees are entitled to a degree of privacy in their work environment. This will be particularly relevant in relation to a device owned by the employee but used for work purposes also.
The Guidance recommends that companies adopt a BYOD policy but warns that a policy that is too restrictive may encourage staff to find workarounds which, actually, increases the security risk.
It also provides guidance in relation to technical considerations such as personal devices that back up to cloud based applications and recommends that companies plan for and practise security breach incidents.
In relation to practical considerations, the Guidance suggests that companies consider alternative ownership models such as allowing employees to choose their own device from a selection of approved devices that are purchased and controlled by the employer and/or allowing increased personal use of corporately owned devices.
If you would like further information in relation to any of the legal aspects of BYOD or assistance with drafting a BYOD policy or data protection breach policy please do get in touch.
Posted on 10/20/2014 by Ortolan
