BYOD Guidance

January 26, 2015

BYOD Guidance

Guidance from the Centre for the Protection of National Infrastructure and the UK's National Technical Authority for Information Assurance highlights some of the aspects organisations must consider when adopting a 'Bring Your Own Device' (BYOD) approach, whereby members of staff use their own laptops, phones and tablets in the course of their work.

Key issues that must be tackled are security – for example limiting the type of information that can be shared by such devices and having an effective BYOD policy so that staff understand their responsibilities when using their own devices for work purposes – and compliance with data protection legislation. Employers are reminded that the legal responsibility for protection of other people's personal information, in accordance with the Data Protection Act 1998 (DPA), rests with the Data Controller, not with the owner of the device. The Information Commissioner's Office can impose fines of up to £500,000 for serious breaches of the DPA.

In addition, it is important to make sure adopting a BYOD approach does not breach existing software user agreements.