The Information Commissioner’s Office (ICO) is urging organisations to make sure that their data protection policies reflect how employees are using personal devices for work.
A YouGov survey earlier this year showed that 47% of all UK employees use personal mobile devices for work, but many organisations are failing to update their data protection policies accordingly, the ICO said.
The warning comes after the Royal Veterinary College breached the Data Protection Act when a member of staff lost a camera holding a memory card that contained the passport images of six job applicants.
When the incident occurred in December 2012 the organisation had no guidance in place explaining how personal information stored for work should be looked after on personal devices, the ICO found.
“Organisations must be aware of how people are now storing and using personal information for work, but The Royal Veterinary College failed to do this,” said ICO head of enforcement Stephen Eckersley.
Protecting data from leaks and viruses is not easy, but you have some weapons in your arsenal, including encryption, remote wipe and secure containers. Click here to find out more.
“It is clear that more and more people are now using a personal device, particularly mobile phones and tablets, for work purposes, so it's crucial that employers provide guidance and training to staff which covers this use,” he said.
The ICO has published guidance on this growing trend, commonly known as bring your own device (BYOD), and has called on all organisations to follow the recommendations.
Key issues organisations need to be aware of when allowing staff to use personal devices for work, as listed in the ICO’s guidance, include:
15 Oct 2013