Many companies have a “laissez faire” attitude to staff using their own devices for work purposes, sparking growing concerns that the practice could be putting customers’ personal data at risk.
That is the verdict of the Information Commissioner’s Office, following a research which shows that nearly half (47%) of all employees now use their personal smartphone, laptop or tablet for work, yet fewer than a third are given advice on the potential threats to privacy.
The survey, carried out by YouGov, shows that email is the most common work activity carried out on a personal device, accounting for 55% of people who use their own gadgets. This was followed by 37% who used a personal device to edit work documents, and 36% who stored work documents.
The watchdog maintains this raises “worrying concerns that people may not understand how to look after the personal information accessed and stored on these devices”.
ICO group manager for technology Simon Rice said: “The rise of smartphones and tablet devices means that many of the common daily tasks we would have previously carried out on the office computer can now be worked on remotely. While these changes offer significant benefits to organisations, employers must have adequate controls in place to make sure this information is kept secure.
“The cost of introducing these controls can range from being relatively modest to quite significant, depending on the type of processing being considered, and might even be greater than the initial savings expected. Certainly the sum will pale into insignificance when you consider the reputational damage caused by a serious data breach. This is why organisations must act now.”
To combat the issue, the ICO has published new guidelines for the rise of the so-called “bring your own device” (BYOD) phenomenon.
Rice added: “Our guidance aims to help organisations develop their own policies by highlighting the issues they must consider. For example, does the organisation know where personal data is being stored at any one time? Do they have measures in place to keep the information accurate and up-to-date? Is there a failsafe system so that the device can be wiped remotely if lost or stolen?”
