BYOD technology: is your clients’ data protected?

By Ian Wimbush

A survey conducted earlier this year by the market research company YouGov reveals that almost half (47%) of UK adults now use their personal smartphone, laptop or tablet computer for work purposes. Worryingly, according to the Information Commissioner's Office "less than 3 in 10 who do so are provided with guidance on how their devices should be used in this capacity, raising concerns that people may not understand how to look after the personal information accessed and stored on these devices".

In the past, lawyers were neither able nor expected to be in contact with clients when they were out of the office. Now that we live in an "always on" age, a client expects to be able to contact his/her lawyer pretty much constantly on demand. If they are not able to do this, might they consider using a lawyer that they can be in contact with? In this era of constant communication many lawyers have taken it upon themselves to circumvent procedures and to use their own smartphones, tablets and laptops to help them communicate better with their clients and to stay up-to-date with case loads.

While this can be seen as a conscientious and diligent move, it also carries risks to the integrity of corporate and personal data. What happens if an employee leaves a smartphone or laptop on a train with corporate data on it, for example? Could your clients’ confidentiality potentially be compromised? And who pays for the equipment, repair costs, subscription costs etc?

It's clear that BYOD (Bring Your Own Device) technology is here to stay. People need to feel comfortable with the technology that they are using, and that normally means that they want to use their own devices. Law firms need to tap into the BYOD culture, maximising the opportunities whilst observing the related security and data protection issues. So, as a law firm, how do you monitor and control the private use of technology? To help, the Information Commissioner's Office has recently issued a set of guidelines, which can be seen online. One of the key points to consider is a policy which covers the following:

  • Who will be responsible for monitoring the policy?
  • What type of personal data can be processed on the personal device and if it is stored on the device how can it be safely deleted when not in use?
  • Strong passwords to secure devices.
  • Automatic locks on devices to prevent unauthorised access to information, ensuring the user knows when to delete information, and maintaining a separation between personal data and data used for the purposes of work.
  • Which documents are allowed to be accessed through a personal device?
  • How controls can be put in place if the device is lost or stolen.
  • Who pays for the cost of maintaining the device if it is being used for work purposes?
  • What happens on termination of employment?

 
