Digital Transformation

Employers ‘are too laissez faire’ on data protection

Guidance may be hard to come by for people taking part in BYOD.

A new survey has suggested that employers are not paying enough attention to data protection when allowing their staff to take part in the ‘bring your own device’ (BYOD) trend.

The research was carried out by the Information Commissioner’s Office (ICO) and found that 47 per cent of UK adults now use their personal laptops or tablets for work-related purposes.

Email is the most common task carried out, but 37 per cent use their own devices to edit work documents, while a similar proportion store work documents.

However, fewer than three in ten people taking part in BYOD have received guidance on how to keep personal information safe in a manner that complies with the Data Protection Act while doing so.

The ICO warned that people may not understand how to take care of potentially sensitive information – and may not even be aware that they are putting it at risk on unsecured hardware.

"Many of the common daily tasks we would have previously carried out on the office computer can now be worked on remotely. While these changes offer significant benefits to organisations, employers must have adequate controls in place to make sure this information is kept secure," said the ICO’s Simon Rice.

Although he acknowledged that this may require some investment, perhaps the use of offsite backup storage services, he pointed out that it will be significantly less than the cost of a real data breach.

The ICO has published guidance urging employers to know where their data is stored and ensure that gadgets will be secure if they are lost or stolen.

Fiberlink president Christopher Clark recently said that organisations need to be just as concerned about user privacy as they are about the security of corporate data, particularly with the emergence of stop-gap technologies and BYOD.

Dajon Data Management will be able to help with data security by carrying out a tailored assessment of company requirements and then implementing them with minimal disruption.