Performance management is a process used to develop teachers in their careers and, at the same...
- Basildon 01268244144
- Chelmsford 01245453800
- Colchester 01206217300
- London 020 4586 1280
Search site
Call our office
Make an enquiry
Our people
Search our people
The Data Protection Act 1998 (DPA) requires data controllers to take appropriate technical and organisational measures to prevent unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
Where an employer allows workers to use their own personal devices, such as laptops, smartphones and tablet computers, this raises a number of data protection concerns. The trend, commonly known as ‘bring your own device’ or BYOD, can mean that workers’ own devices are used to access and store corporate information, including personal data. It is therefore important for data controllers to remember that they have a duty to remain in control of the personal data for which they are responsible, regardless of who owns the device used to carry out the processing.
The Information Commissioner’s Office has produced comprehensive guidance, entitled ‘Bring your own device (BYOD)’, to help data controllers comply with their duties in this respect. This recommends having a BYOD policy covering the types of personal data you are processing and the devices, including ownership, on which these will be held. The policy should be clearly understood by users connecting their own devices to your IT systems and regular checks should be carried out to ensure compliance. When drawing up the policy, the data controller will need to assess:
The guidance gives tips on each of these areas, including the use of passwords, data encryption and other security measures that may be introduced, such as ensuring that access to the device is locked or data automatically deleted if an incorrect password is repeatedly input and the facility to locate devices remotely and to delete data on demand.
There is also a section on making sure the BYOD policy facilitates compliance with other aspects of the DPA.