The UK Information Commissioner’s Office has advised companies to crack down on unsecure devices while implementing BYOD and remote working policies, according to V3. The authority also argued that businesses should consider employees’ privacy and strike a balance between security and snooping.
â€œIf a device does not have what the data controller considers to be a critical measure or if the employee doesn’t want to enable it, don’t be shy about choosing not to enroll that device,â€ ICO Group Manager for Technology Simon Rice said.
â€œMost modern devices allow for password protection and the encryption of data, and it’s just a matter of making sure it’s switched on at little or no additional cost. It’s important that a data controller is not reducing a level of security that they’ve already put in place. If they’ve already defined the standards, allowing new devices to connect shouldn’t reduce that standard.â€
The ICO representative, who spoke at the Westminster eForum event, said that excessive mobile device management might be harmful for employees.
â€œBy definition, some or most of the use of personal devices will be personal,â€ Rice said. â€œA bring your own device policy should not permit surveillance or excessive monitoring coming through the back door.â€
Since it gained the power to penalize data mishandling in 2011, the Information Commissioner’s Office has handed out more than Â£4m-worth fines to public entities alone.