The Information Commissioner’s Office (ICO) wants organisations in the UK to have a clear bring-your-own-device (BYOD) policy to tackle the growing risks associated with this particular trend.
ICO acknowledged that BYOD has many benefits including increased efficiency and flexibility, but also warned that “it also carries a number of risks organisations must consider when allowing employees’ devices to be used to process work-related personal information.”
Citing an incident at The Royal Veterinary College that involved data loss because a staff lost a personal camera, ICO said that companies should be aware of issues that crop up because of use of personal devices at work.
ICO recommends that companies allowing the use of personal devices at work should ensure that devices are secure and ensure that data is protect against unauthorised access. Further the ICO wants organisations to ensure that data transfers between these personal devices and organisation’s systems should be over a secure channel. ICO also recommends that organisations have a clear ‘end of contract’ policy as well as a ‘clear’ acceptable use policy.
Simon Rice, Group Manager (Technology) at ICO said, “As the line between our personal and working lives becomes increasingly blurred it is critical employers have a clear policy about personal devices being used at work.”
Rice warns that organisations shouldn’t underestimate the efforts that may be required to ensure compliance with 8 principles of Data Protection Act when it comes to personal data processing and BYOD.
