BYOD Threats Concern British Privacy Regulator - InformationWeek
01:15 PM

BYOD Threats Concern British Privacy Regulator

Information Commissioner points to risks from employee-owned devices, releases guide to help businesses avoid data breaches, fines.

MWC 2013: Five Best Gadgets (Samsung Galaxy Note 8.0)
MWC 2013: Five Best Gadgets
(click image for slideshow)
The bring-your-own-device (BYOD) movement poses significant threats to data security and privacy, said the U.K.'s Information Commissioner's Office (ICO) at its annual conference in Manchester last week. The ICO is the government body set up to police data privacy and levy hefty fines on organizations it deems have too lax control over personal data.

The organization said its basis for raising such concerns is a study it recently conducted about BYOD attitudes among the British public. The ICO upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals, as set out in the U.K.'s Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

The ICO study's study found many employers appear to have a way-casual (in its phrase, laissez faire) attitude about allowing staff to use their personal laptops, tablet computers or smartphones for work. It warns that may be "placing people's personal information at risk" – and it doesn't like it.

[ What's the most dangerous smartphone? See Malware Writers Prefer Android. ]

The online survey, carried out by well-known U.K. consumer attitude pollsters YouGov, polled 2,151 British adults from Feb. 27 through March 1, 2013.

They found that 47% of all U.K. adults now use their personal smartphone, laptop or tablet computer for work purposes.

That would be fine, except fewer than three in 10 get guidance from their bosses on how to use BYOD, said the Information Commissioner. It said that raises "worrying concerns" that people may not understand how to look after the personal information accessed and stored on these devices.

"Employers must have adequate controls in place to make sure this information is kept secure," warned Simon Rice, the ICO's group manager for technology.

Rice also said many businesses aren't properly calculating the cost of introducing these controls -- which can range from being "relatively modest" to "quite significant." As a result, he is concerned any expected advantage from BYOD may not actually be delivered.

"Certainly," he said, "the sum will pale into insignificance when you consider the reputational damage caused by a serious data breach."

He should know: the ICO just fined a public sector nursing and midwifery organization £130,000 ($224,000) for losing three DVDs related to a nurse's misconduct hearing.

To help address these BYOD gaps, ICO has published a free guide to help CIOs address some of the main issues around properly protecting customer, patient or personal data in a BYOD context.

The guidance comes in the context of what -- echoing that ancient Chinese curse -- the Information Commissioner, Christopher Graham, calls "interesting times".

Speaking to some 800 data compliance officers at the conference, Graham said the ICO's annual conference fell at "a decisive moment for the data protection sector."

Graham's reference is to ongoing changes in European data legislation and the U.K's own struggle to find new ways of protecting privacy and free speech in an age of press intrusions and Twitter.

Still, for Graham, "Our central purpose remains unchanged: upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals."

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll