ICO cautions businesses on BYOD danger

BYOD
Employees can cause problems with BYOD

The Information Commissioner's Office (ICO) has warned businesses to ensure they have policies in place to tackle the bring-your-own-device (BYOD) trend.

The firm cited an incident that occurred that the Royal Veterinary College in 2013, when a staff member lost a personal camera that contained the passport photos of six job applicants, as an example.

The ICO said firms should make sure staff are aware of the dangers caused by using personal devices for work, and that several key steps should be followed to prevent them. This included ensuring devices are secure and have encryption capabilities in place and that the use of unsecured servers, like cloud storage tools, are avoided.

It also said a clear end-of-contract policy should be in place so staff know that access to certain accounts would be revoked from their device. Finally, they advised that the ability to wipe or immobilise lost or stolen devices should be considered and staff must be made aware of the potential for this to happen.

Balance risk and reward

ICO group manager for technology Simon Rice urged: "As the line between our personal and working lives becomes increasingly blurred it is critical that employers have a clear policy about personal devices being used at work.

"The benefits must be balanced against the potential risks to work-related personal data but the organisation should not underestimate the level of effort which may be required to ensure that the processing of personal data with BYOD remains compliant with all eight principles of the Data Protection Act."

With firms being urged to consider putting control measures in place to protect devices from various threats, it poses the question of how much freedom an employee will have to use their own device for work purposes.