BYOD entered the technological vocabulary in 2009 care of ‘Intel’ when it was recognised that there was an increasing tendency among its employees to bring their own smartphones, tablets and laptop computers to work and connect them to the corporate network.
New trends, the proliferation of devices such as tablets and smartphones, now used by many people in their daily lives, has led to a number of companies, to allow employees to bring their own devices to work, due to perceived productivity gains and cost savings.
BOYD is using your own devices and is used in all areas from business to education and much study has taken place about its benefits.
It is with security in mind that we have written this short item about BOYD. It is important to know how data is stored on personal devices if that data is work related.
BYOD in relation to business has resulted in data breaches. For example, if an employee uses a smartphone to access the company network and then loses that phone, untrusted parties could retrieve any unsecured data on the phone. Another type of security breach occurs when an employee leaves the company; they do not have to give back the device, so company applications and other data may still be present on their device.
These examples can be also be used in relation to how we share low level business crime information. If an employee uses his phone to share information and loses that phone that they have used to store low level crime data and this phone is lost or stolen the data could be accessed by unregistered parties without the required legitimate interest to share that information and breaches of DPA 2018/GDPR 2018 could occur. Or as the second example above illustrates when that person leaves the company and takes the device with them. Does your company have a BOYD Policy? A BYOD policy can be created based on the company’s requirements. BYOD policies can vary greatly from organization to organization depending on the concerns, risks, threats, and culture, so differ in the level of flexibility. BOYD Policies are used by large companies to address usage and storage of data by employees using devices provided to them or their own personal devices.
From time to time it may be beneficial to speak to employees, security guards of the importance of complying with the Data Protection Act 2018 and deleting out of date /irrelevant data from their devices. In case of loss of that device or leaving the company.