The Information Commissioner’s Office (ICO) is advising that organisations should have a clear personal device at work policy.
A recent survey showed that 60% of the UK population now own a smart phone and 20% a tablet and an increasing number want to use their personal devices at work. Known as ‘bring your own device’ the ICO state that the benefits include increased efficiency, flexibility and employee morale but the practice also carries a number of risks which organisations must consider when allowing employees’ devices to be used to process work-related personal information.
Simon Rice, Group Manager (Technology), said:
‘As the line between our personal and working lives becomes increasingly blurred it is critical employers have a clear policy about personal devices being used at work.’
‘The benefits must be balanced against the potential risks to work-related personal data but the organisation should not underestimate the level of effort which may be required to ensure that the processing of personal data with BYOD remains compliant with all 8 Principles of the Data Protection Act. Remember, it is the employer who is held liable for any breaches under the DPA.’
The ICO’s key ‘bring your own device’ recommendations are:
- ensure devices are secure
- ensure data transfers are secure
- retain control
- have an ‘end of contract’ policy
- have a clear ‘acceptable use policy’