Rely on the most comprehensive, up-to-date legal content designed and curated by lawyers for lawyers
Work faster and smarter to improve your drafting productivity without increasing risk
Accelerate the creation and use of high quality and trusted legal documents and forms
Streamline how you manage your legal business with proven tools and processes
Manage risk and compliance in your organisation to reduce your risk profile
Stay up to date and informed with insights from our trusted experts, news and information sources
Access the best content in the industry, effortlessly — confident that your news is trustworthy and up to date.
With over 30 practice areas, we have all bases covered. Find out how we can help
Our trusted tax intelligence solutions, highly-regarded exam training and education materials help guide and tutor Tax professionals
Regulatory, business information and analytics solutions that help professionals make better decisions
A leading provider of software platforms for professional services firms
In-depth analysis, commentary and practical information to help you protect your business
LexisNexis Blogs shed light on topics affecting the legal profession and the issues you're facing
Legal professionals trust us to help navigate change. Find out how we help ensure they exceed expectations
Lex Chat is a LexisNexis current affairs podcast sharing insights on topics for the legal profession
Printer Friendly Version
Against a backdrop of data security scares arising from increasing use by employees of their own devices, the Information Commissioner's Office (ICO) recently warned that organisations must ensure that their data protection policies reflect the working practices of their employees and Bring Your Own Device (BYOD) issues in particular.
The warning was given in the context of a report of an incident involving the loss of a Royal Veterinary College (RVC) staff member's camera. The camera contained a memory card on which the passport images of six job applicants were recorded. The exact circumstances of how and why the images were on an employee's personal device are not detailed, but there is nothing to suggest there was any malicious intent behind it and it is notable that the RVC themselves chose to inform the ICO of the loss.
This incident has been discussed in some depth in the context of the growing 'trend' of BYOD. That is perhaps to take a slightly narrow view of its applicability. It is an admirable function of the human condition that people will use whatever tools are at their disposal in a creative manner to get the job done. Of course, when that conflicts with the rights of others (here the data subjects'), regulation is required. However, if an employee's instinct to find a solution is to be hindered, it is in the interests of their employer to implement effective policies and training to explain why and how that is done.
Thankfully, in most circumstances, organisations do not want their employees to behave like drones, unwaveringly following set procedures. An organisation devoid of people with the creativity and initiative to manoeuver around immediate difficulties is unlikely to be in business for long. Furthermore, the overly-zealous application of regulation-driven procedures, especially in areas such as data protection, risks playing into the hands of those who complain that the regulators 'don't understand business' and those who would wish to sacrifice personal data protections on the altar of business competitiveness. The answer lies, as it so often does, in the application of common sense guidance that allows initiative to flourish while promoting the personal data security that we all value. To that end, the ICO produced some helpful guidance earlier this year which explains some of the key issues organisations need to be aware of, notably :
It is commendable that, in these circumstances, the ICO allowed positive undertakings to be given by the RVC. As well as providing for technical security measures, the undertakings given serve to bolster the understanding of employees as to the importance of data security, put policies in place to regulate use and encourage a culture of awareness and concern for the security of personal data.
Subscribers to Lexis®PSL IP&IT will find the precedent BYOD policy and practice note useful. In-house lawyers and practitioners charged with ensuring employee awareness of BYOD issues and policies should see the associated training materials.
0330 161 1234