UK government refreshes BYOD guidelines

UK government refreshes BYOD guidelines

The UK government's National Technical Authority for Information Assurance (CESG) has announced that it has updated its guidance on bring-your-own-device (BYOD) policies.

It claims that the move has come in response to the rapid increase in the use of mobile devices, as well as the growth of remote and flexible working practices, which many businesses have found to be highly useful in heightening levels of morale and productivity.

In response, there have been a number of legal considerations for many organisations, including the government itself.

While the implementation of an effective mobile device management policy is always advisable for any organisation looking to implement a mobile strategy with their working, the CESG has urged decision makers to get a better grasp of the relevant legal issues.

The subject of data security has become something of a hot topic in recent months, with a number of firms having to ensure they adhere to a number of compliance requirements to help prevent any breaches of information.

And CESG has since urged organisations to help keep up high standards of data security by limiting the amount of information shared by devices within their network and consider technical controls, as well as any contingency plans for a potential breach.   

In a recent guidance document, the organisation said: “The legal responsibility for protecting personal information is with the data controller, not the device owner.

“The Information Commissioner’s Office (ICO) can compose fines of up to £500,000 for serious data breaches."

One problem area highlighted by the CESG is the use of personal devices, which when lost or stolen could pose a risk to the security of an organisation's network, meaning that organisations need to have a greater hold on any potential threats and how they can be managed.  

It added: “Plan for and rehearse incidents where a personally owned device that has access to sensitive business information is lost, stolen or compromised."