The ‘bring your own device to work’ challenge
According to a report by YouGov, 65 per cent of companies currently allow employees to bring their own devices to work, but only a quarter said that their organisation has a formal ‘bring your own device’ (BYOD) policy in place. It can be challenging to match what occurs in practice with an underlying policy, but the current disconnect can raise significant issues for employers. Kemp Little has outlined some of the key issues and ways to deal with them below:
Who owns the device?
A personal device used by an employee for work purposes is still owned by the employee and not the business. This inevitably means less control for an employer over a personal device than it would have over its own property. A company nevertheless has to remain in control of data for which it is responsible, notwithstanding the fact that the device is owned by the employee, so any BYOD policy should state that the contents of an employer’s system and any company data remain the property of the company, regardless of who owns the personal device.
How can your business ensure compliance with data protection legislation?
As mentioned above, although a personal device is owned by an employee, the company will still be considered the data controller of personal data belonging to the company that is held on the device pursuant to the Data Protection Act 1998 (DPA). Therefore, any company operating a BYOD policy will need to ensure that all processing of personal data on its employees’ personal devices for business purposes remains in compliance with the DPA. The key to ensuring this is to put in place appropriate security measures to prevent personal data from being accidentally or deliberately compromised. The Information Commissioner’s Office has provided some guidance to UK employers to ensure that their BYOD policies comply with the DPA, including recommended security measures. Some recommended security are measures below…
Click on the link below to read the rest of the Kemp Little briefing.
Sign in or Register to continue reading this article
It's quick, easy and free!
It takes just 5 minutes to register. Answer a few simple questions and once completed you’ll have instant access.Register now
Why register to The Lawyer
In-depth, expert analysis into the stories behind the headlines from our leading team of journalists.
Identify the major players and business opportunities within a particular region through our series of free, special reports.
Receive your pick of The Lawyer's daily and weekly email newsletters, tailored by practice area, region and job function.
More relevant to you
To continue providing the best analysis, insight and news across the legal market we are collecting some information about who you are, what you do and where you work to improve The Lawyer and make it more relevant to you.
News from Kemp Little
News from The Lawyer
Briefings from Kemp Little
M&A Diligence: time-limited obligation to resolve a dispute by friendly discussions found to be enforceable
Care should be taken when inserting clauses into acquisition agreements that require parties to speak to each other to resolve problems.
A truncated due diligence exercise, however time-efficient, can lead to unexpected exposure for purchasers.