Both New Zealand's Office of the Privacy Commissioner ("OPC") and its UK equivalent, the Information Commissioner's Office ("UK-ICO"), are drawing attention to the privacy issues associated with the increasing trend of "BYOD" - employees using their own electronic devices, such as smart-phones, and tablets, for work purposes.
The OPC is hosting a lunchtime seminar on 28 November entitled "BYOD - privacy and security challenges for organisations" (more information, including RSVP details, is available here). Attendance could be useful for any organisation that allows, or is considering allowing, its employees to BYOD.
The UK-ICO has drawn attention to its guidance on BYOD and privacy (available here), following a privacy breach resulting from an employee losing a camera, which included a memory card containing passport images of six job applicants (more information on the breach is available here).
The OPC has previously issued general guidance about "Privacy at Work" (available here) and the use of portable storage devices (available here), but the more detailed guidance from the UK is also likely to be relevant to BYOD in New Zealand. Key recommendations in the guidance are to:
- be clear with staff about which types of personal data may be processed on personal devices and which may not;
- use a strong password to secure devices;
- enable encryption to store data on the device securely;
- ensure that access to the device is locked or data automatically deleted if an incorrect password is entered too many times;
- avoid using public cloud-based sharing and public backup services, unless you have fully assessed them; and
- register devices with a remote locate and wipe facility to maintain confidentiality of the data in the event of a loss or theft.