iPhones, iPads, tablets, notebooks, laptops, kindles and smart phones are devices we are all too familiar with. Statistics show that there are now more than 1 billion people with smart phones in the world and remarkably this increases by 42% each year. These devices no longer serve as merely social consoles where the odd few hours can be wasted, quite the contrary; they handily encompass our entire daily lives from emails, to the internet, music, address books, social media, news, games to pretty much anything else you can think of (there is probably an app for anything you can’t think of too). Academics call it the ‘consumerisation of IT’, but what are the implications of the proliferation of these devices in the workplace of today?
BYOD, or Bring your Own Device, is not necessarily a new phenomenon. Employees have been taking their devices to work since the day they bought them. It has only been recently that many employers have looked to implement a BYOD policy. Undoubtedly this is due to the enthusiasm of using personal devices for work purposes. Indeed technology has developed so rapidly that most devices are now compatible with workplace networks and software packages.
The benefits of bringing and using your own device at work are endless. Employees can work with more flexibility – in the office, at home and even on the move – which should lead to an increase in job satisfaction and a more productive workforce. Employers will benefit from a reduction in IT costs, including the cost of purchasing/maintaining expensive hardware packages and corporate-issued devices.
However, the boom in ‘consumerisation of IT’ has been matched with an upsurge in activity which may hinder its progression. There are obvious risks associated with allowing BYOD to go unregulated. Not least the danger of criminals attempting to exploit the data held on devices, but also the risk of devices (and consequently, privileged company information) being lost, systems being damaged and corporate reputations being trodden. For example, we all remember the story of the NHS memory sticks found unencrypted with confidential patient information stored on them.
These are not the only issues at play. Personal mobile devices are owned, maintained and supported by the user, rather than the business. This means that a business will have significantly less control over the device than it would normally have over a traditional corporately owned and provided device. A business will, for example, have no control over filters used on personal devices, so the risk of untrusted sources being malicious is much higher. From a data protection perspective, the user is in control but the data controller still has a responsibility to ensure that all information is processed lawfully. This may prove virtually impossible in practice. This leads on to privacy issues. Businesses will wish to monitor the information being passed over personal devices, but this should be undertaken with caution so as to avoid being too intrusive.
To combat these problems in the workplace, a robust BYOD policy is recommended. Such a policy should include mandatory password and pin protection and encryption for devices. Rules should establish what personal items can be downloaded, whether personal devices can be used by members of the employee’s family and when the device may be monitored by the employer. The BYOD policy should also outline the purpose of monitoring these devices, for example to ensure that data can be remotely deleted if a device is lost or stolen or on termination of employment. Finally, since the nature of BYOD encourages constant contact with the working environment, a BYOD policy may want to ensure that employees are not working over the 48 hour week under the Working Time Directive unless an opt out is put in place.
For more information email firstname.lastname@example.org