Guidance has been provided by the Government’s Centre for the Protection of National Infrastructure to businesses who are considering adopting a Bring Your Own Device (BYOD) approach that describes the key security aspects to minimise risks whilst maximising the business benefits. The guidance follows on from a report by the Information Commissioner’s Office in March.
The guidance contains information on the legal issues that can arise from the approach including the information that the responsibility lies with the data controller, rather than the individual device owner, for protecting personal information and will be liable for any breaches.
Busineses must also consider a range of issues including: the affect on commercial agreements as to whether software can be used on personal devices, limiting the data shared on devices and understanding how data can be shared across users and the cloud.
Businesses must make sure that a balance must be struck between BYOD user freedoms in terms of effectively using the devices and making sure that business data is secure.
The full guidance can be found at: https://www.gov.uk/government/publications/byod-guidance-executive-summary/byod-guidance-executive-summary