01:15 PM

BYOD Threats Concern British Privacy Regulator

Information Commissioner points to risks from employee-owned devices, releases guide to help businesses avoid data breaches, fines.

MWC 2013: Five Best Gadgets (Samsung Galaxy Note 8.0)
MWC 2013: Five Best Gadgets
(click image for slideshow)
The bring-your-own-device (BYOD) movement poses significant threats to data security and privacy, said the U.K.'s Information Commissioner's Office (ICO) at its annual conference in Manchester last week. The ICO is the government body set up to police data privacy and levy hefty fines on organizations it deems have too lax control over personal data.

The organization said its basis for raising such concerns is a study it recently conducted about BYOD attitudes among the British public. The ICO upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals, as set out in the U.K.'s Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

The ICO study's study found many employers appear to have a way-casual (in its phrase, laissez faire) attitude about allowing staff to use their personal laptops, tablet computers or smartphones for work. It warns that may be "placing people's personal information at risk" – and it doesn't like it.

[ What's the most dangerous smartphone? See Malware Writers Prefer Android. ]

The online survey, carried out by well-known U.K. consumer attitude pollsters YouGov, polled 2,151 British adults from Feb. 27 through March 1, 2013.

They found that 47% of all U.K. adults now use their personal smartphone, laptop or tablet computer for work purposes.

That would be fine, except fewer than three in 10 get guidance from their bosses on how to use BYOD, said the Information Commissioner. It said that raises "worrying concerns" that people may not understand how to look after the personal information accessed and stored on these devices.

"Employers must have adequate controls in place to make sure this information is kept secure," warned Simon Rice, the ICO's group manager for technology.

Rice also said many businesses aren't properly calculating the cost of introducing these controls -- which can range from being "relatively modest" to "quite significant." As a result, he is concerned any expected advantage from BYOD may not actually be delivered.

"Certainly," he said, "the sum will pale into insignificance when you consider the reputational damage caused by a serious data breach."

He should know: the ICO just fined a public sector nursing and midwifery organization £130,000 ($224,000) for losing three DVDs related to a nurse's misconduct hearing.

To help address these BYOD gaps, ICO has published a free guide to help CIOs address some of the main issues around properly protecting customer, patient or personal data in a BYOD context.

The guidance comes in the context of what -- echoing that ancient Chinese curse -- the Information Commissioner, Christopher Graham, calls "interesting times".

Speaking to some 800 data compliance officers at the conference, Graham said the ICO's annual conference fell at "a decisive moment for the data protection sector."

Graham's reference is to ongoing changes in European data legislation and the U.K's own struggle to find new ways of protecting privacy and free speech in an age of press intrusions and Twitter.

Still, for Graham, "Our central purpose remains unchanged: upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals."

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
InformationWeek Elite 100
InformationWeek Elite 100
Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of October 9, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll