7 March 2013

The ICO has published guidance on BYOD, following the results of a survey, carried out by YouGov, which revealed that 47% of UK adults use their personal devices for work purposes and only one third of those individuals received guidance about how they should do this safely.

The ICO guidance makes clear that organisations remain responsible for any processing of personal data that takes place on personal devices, and that allowing BYOD without clear policies and security measures exposes the organisation to risk.

The ICO's key recommendations are:

  • Be clear with staff about which types of personal data may be processed on personal devices and which may not.
  • Use a strong password to secure devices.
  • Enable encryption to store data on the device securely.
  • Ensure that access to the device is locked or data automatically deleted if an incorrect password is input too many times.
  • Use public cloud-based sharing and public backup services, which you have not fully assessed, with extreme caution, if at all.
  • Register devices with a remote locate and wipe facility to maintain confidentiality of the data in the event of a loss or theft.

The ICO also recommends developing an Acceptable Use Policy and a Social Media Policy.

The full guidance can be found here.