The Information Commissioner’s Office (ICO) is advising organisations to have a clear policy on the use of personal devices at work.
A recent survey showed that 60% of the UK population now own a smartphone and 20% a tablet, and an increasing number want to use their personal devices at work. The practice is known as ‘bring your own device’ (BYOD). The ICO states that its benefits include increased efficiency, flexibility and employee morale, but that it also carries a number of risks which organisations must consider when allowing employees’ devices to be used to process work-related personal information.
Simon Rice, Group Manager (Technology), said:
‘As the line between our personal and working lives becomes increasingly blurred it is critical employers have a clear policy about personal devices being used at work.’
‘The benefits must be balanced against the potential risks to work-related personal data but the organisation should not underestimate the level of effort which may be required to ensure that the processing of personal data with BYOD remains compliant with all 8 Principles of the Data Protection Act. Remember, it is the employer who is held liable for any breaches under the DPA.’
The ICO’s key ‘bring your own device’ recommendations are:
- ensure devices are secure
- ensure data transfers are secure
- retain control
- have an ‘end of contract’ policy
- have a clear ‘acceptable use policy’.
Internet link: ICO news
An IT expert warned today that Sheffield-area companies could be hit by crippling fines and have their reputations ruined for losing confidential data, even when it isn’t their fault and no harm resulted from the loss.
In the first eleven months of 2012, twenty organisations in the UK have been fined a total of £2.4m for data losses, and many other companies are at risk, says Charles Kavazy, Director of IT Services at Sheffield-based independent chartered accountants and specialist business advisers Hawsons, of Glossop Road.
He adds: “In almost all of the cases, nobody was harmed by the loss, but the reason the fines were so high is that the Data Protection Act states that organisations need to ensure a level of security for their data appropriate to the harm that might result from data loss. The fines are based, therefore, not on the harm or loss or damage that has occurred but the harm or loss or damage which might occur.”
“Another misconception”, Charles says, “is that if another company loses your information, the responsibility rests with that company. This is incorrect.”
“If, for example, one of your outsourced IT, pension, health or other providers loses your data, it is you who will be fined by the Information Commissioner’s Office and not your outsourced supplier. It is your responsibility to ensure that your suppliers apply a level of security appropriate to the harm that might result from any loss.”
If you feel you might be at risk from data loss and would like help in mitigating the risk, contact Charles on 0114 266 7141 or e-mail: firstname.lastname@example.org