BYOD Threats Concern British Privacy Regulator - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

01:15 PM

BYOD Threats Concern British Privacy Regulator

Information Commissioner points to risks from employee-owned devices, releases guide to help businesses avoid data breaches, fines.

MWC 2013: Five Best Gadgets (Samsung Galaxy Note 8.0)
MWC 2013: Five Best Gadgets
(click image for slideshow)
The bring-your-own-device (BYOD) movement poses significant threats to data security and privacy, said the U.K.'s Information Commissioner's Office (ICO) at its annual conference in Manchester last week. The ICO is the government body set up to police data privacy and levy hefty fines on organizations it deems have too lax control over personal data.

The organization said its basis for raising such concerns is a study it recently conducted about BYOD attitudes among the British public. The ICO upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals, as set out in the U.K.'s Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

The ICO study's study found many employers appear to have a way-casual (in its phrase, laissez faire) attitude about allowing staff to use their personal laptops, tablet computers or smartphones for work. It warns that may be "placing people's personal information at risk" – and it doesn't like it.

[ What's the most dangerous smartphone? See Malware Writers Prefer Android. ]

The online survey, carried out by well-known U.K. consumer attitude pollsters YouGov, polled 2,151 British adults from Feb. 27 through March 1, 2013.

They found that 47% of all U.K. adults now use their personal smartphone, laptop or tablet computer for work purposes.

That would be fine, except fewer than three in 10 get guidance from their bosses on how to use BYOD, said the Information Commissioner. It said that raises "worrying concerns" that people may not understand how to look after the personal information accessed and stored on these devices.

"Employers must have adequate controls in place to make sure this information is kept secure," warned Simon Rice, the ICO's group manager for technology.

Rice also said many businesses aren't properly calculating the cost of introducing these controls -- which can range from being "relatively modest" to "quite significant." As a result, he is concerned any expected advantage from BYOD may not actually be delivered.

"Certainly," he said, "the sum will pale into insignificance when you consider the reputational damage caused by a serious data breach."

He should know: the ICO just fined a public sector nursing and midwifery organization £130,000 ($224,000) for losing three DVDs related to a nurse's misconduct hearing.

To help address these BYOD gaps, ICO has published a free guide to help CIOs address some of the main issues around properly protecting customer, patient or personal data in a BYOD context.

The guidance comes in the context of what -- echoing that ancient Chinese curse -- the Information Commissioner, Christopher Graham, calls "interesting times".

Speaking to some 800 data compliance officers at the conference, Graham said the ICO's annual conference fell at "a decisive moment for the data protection sector."

Graham's reference is to ongoing changes in European data legislation and the U.K's own struggle to find new ways of protecting privacy and free speech in an age of press intrusions and Twitter.

Still, for Graham, "Our central purpose remains unchanged: upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Remote Work Tops SF, NYC for Most High-Paying Job Openings
Jessica Davis, Senior Editor, Enterprise Apps,  7/20/2021
Blockchain Gets Real Across Industries
Lisa Morgan, Freelance Writer,  7/22/2021
Seeking a Competitive Edge vs. Chasing Savings in the Cloud
Joao-Pierre S. Ruth, Senior Writer,  7/19/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Current Issue
Monitoring Critical Cloud Workloads Report
In this report, our experts will discuss how to advance your ability to monitor critical workloads as they move about the various cloud platforms in your company.
Flash Poll