ARTICLE
26 November 2013

Data Protection Breach Prompts The ICO To Issue A Fresh Warning Of The Need For Bring Your Own Device Policies

WB
Wedlake Bell

Contributor

Wedlake Bell logo
We are a contemporary London law firm, rooted in tradition with a lasting legacy of client service. Founded in 1780, we recognise the long-standing relationships we have with our clients and how they have helped shape our past and provide a platform for our future. With 76 partners supported by over 300 lawyers and support staff, we operate on a four practice group model: private client, business services, real estate and dispute resolution. Our driving force is to empower our clients by providing quality legal advice, insight and intelligence that enables them to achieve their goals whether personal or business. We are large enough to advise on the most complex matters, but small enough to ensure that our people and our work remain exceptional and dynamic. Building relationships is at the heart of everything we do.
Explore Firm Details
It is increasingly common for employees to use personal devices such as smart phones, laptops or tablet computers for work purposes and yet employers often appear unaware of the potential data protection issues involved in such use.
United Kingdom Employment and HR
Person photo placeholder
Authors

It is increasingly common for employees to use personal devices such as smart phones, laptops or tablet computers for work purposes and yet employers often appear unaware of the potential data protection issues involved in such use. In response to this trend, the Information Commissioner's Office ("ICO") published guidance in March of this year entitled "Bring Your Own Device" ("BYOD") which outlined what employers should consider if their employees are permitted to use personal devices to process personal data for work purposes. It is important that the employer ensures that all processing of personal data that is under his control complies with the Data Protection Act 1998 ("DPA"), which may be difficult where the device is owned by the employee.

The Royal Veterinary College ("RVS") recently suffered the consequences of neglecting properly to consider BYOD data protection issues when it committed a breach of the DPA when an employee lost his camera, which included a memory card containing passport images of six job applicants. RVS had no guidance in place explaining how personal information stored for work should be looked after on personal devices. RVS has since undertaken to comply with the seventh data protection principle under the DPA which obliges data controllers to take appropriate technical and organisational measures against unauthorised processing and accidental loss of person data. It will implement a series of measures designed to ensure its compliance, for example providing mandatory training to staff and encrypting all portable devices.

The breach prompted the ICO to issue a fresh warning to employers to ensure that their data protection policies reflect how the modern workforce are using personal devices for work. It has urged all employers to review and, where necessary, update their data protection policies and to provide staff with appropriate guidance and training.

The news release issued by the ICO, which provides further advice for employers, can be viewed in full at http://www.ico.org.uk/news/latest_news/2013/Royal-Veterinary-College-data-breach-highlights-importance-of-guidance-on-personal-devices-14102013 .

The ICO's BYOD Guidance can be accessed athttp://www.ico.org.uk/for_organisations/data_protection/topic_guides/online/byod .

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Person photo placeholder
Lisa Broad
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More