Data Protection – ICO encourages businesses to introduce bring your own device policies

Data Protection – ICO encourages businesses to introduce bring your own device policies

The Information Commissioner’s Office (ICO) has highlighted the increasing use of personal devices (such as smartphones, tablets and laptops) for work purposes. The ICO suggests that businesses should update data protection policies and provide staff with guidance and training in response to this trend.

The Royal Veterinary College recently gave an undertaking to the ICO, following a data breach involving the theft of an employee’s personal camera memory card on which photographs of six job applicants’ passports were stored. The ICO in particular found that the college was in breach of the seventh data protection principle in the Data Protection Act 1998 which obliges data controllers to take appropriate technical and organisational measures against unauthorised processing and accidental loss of personal data. The college had no guidance in place on the storage of personal information for work purposes on personal devices. It has undertaken as follows:
to provide compulsory training to staff;
to encrypt personal devices;
to provide other security measures in order to comply with the seventh principle.

For a checklist highlighting the potential risks and benefits of allowing employees to use their own personal mobile devices for business purposes, please click here.

For advice on updating your data protection policy or compliance with data protection generally, please contact us on 01225 462871 or at: info@blbsolicitors.co.uk.

Image by Alejandro Escamilla under a Creative Commons licence.