ICO reminds organizations of need for BYOD policies to protect data
The Information Commissioner’s Office (ICO) is reminding organizations that they must make sure that their data protection policies reflect how the modern workforce are using personal devices for work.
With a YouGov survey earlier this year showing that 47% of all UK employees now use their smartphone, tablet PC or other portable device for work purposes, there is a concern that many organizations are failing to update their data protection policies to account for this growing trend.
The warning comes after the Royal Veterinary College breached the Data Protection Act when a member of staff lost their camera, which included a memory card containing the passport images of six job applicants. The incident occurred in December last year and the organisation had no guidance in place explaining how personal information stored for work should be looked after on personal devices. In the Undertaking they signed, the RVC committed to a number of steps, including:
Portable and mobile devices including laptops and other portable media used to store and transmit personal data, the loss of which could cause damage or distress to individuals, are encrypted using encryption software which meets the current standard or equivalent and advice shall be provided to staff on the use of personal devices, by no later than 30 April 2013;
Physical security measures are adequate to prevent unauthorised access to personal data;
ICO Head of Enforcement, Stephen Eckersley, said:
“Organizations must be aware of how people are now storing and using personal information for work and the Royal Veterinary College failed to do this. It is clear that more and more people are now using a personal device, particularly their mobile phones and tablets, for work purposes so it's crucial employers are providing guidance and training to staff which covers this use.
“We have published guidance on this growing trend, commonly known as Bring Your Own Device (BYOD), and we would urge all organisations to make sure they follow our recommendations by ensuring their data protection policies reflect the way many of us are now using personal devices for work.”