data security

As we have previously discussed, companies face a growing threat that trade secrets and other critical business information will be taken by employees and other insiders.  Protecting business critical information is not simple.  Companies need a holistic approach that implicates multiple areas of the law, including data security, privacy, intellectual property, white collar crime,

On 7 March 2013, the UK Information Commissioner’s Office (ICO) issued new guidance for employers on the use of personal devices for business purposes.  The guidance is largely informed by a survey commissioned by the ICO and carried out by the market research firm YouGov.  According to the survey, 47 percent of adults in the UK use personal smart mobile phones, laptops or tablets for work purposes, but less than 30 percent are given guidance on secure use and the risks relating to loss or theft.  However, even when an employee uses a personal device, an employer may still be liable in the UK for the loss of data relating to individuals that the employer is required to protect.

UK companies have in recent years been increasingly amenable to allowing employees to use personal devices for business purposes, a practice known as “bring your own device” to work, or BYOD.   The driving forces behind the trend for BYOD include cost considerations and a rise in flexible working practices.  The ICO guidance reminds employers that their responsibilities as data controllers apply equally in the context of BYOD.  In other words, employers remain liable for any data loss, theft, or damage to personal data that occurs, regardless of whether processing takes place in their secure corporate IT environment or on the personal devices of their employees. 
Continue Reading Safer “Bring Your Own Device” Policies: New Guidance from the UK Information Commission’s Office