Presentation is loading. Please wait.

Presentation is loading. Please wait.

BYOD: Privacy and Security Andrew Paterson, Senior Technology Officer.

Published byLily Rich Modified over 9 years ago

Similar presentations

Presentation on theme: "BYOD: Privacy and Security Andrew Paterson, Senior Technology Officer."— Presentation transcript:

1 BYOD: Privacy and Security Andrew Paterson, Senior Technology Officer

2 The ICO’s mission “uphold information rights in the public interest”: Openness by public bodies: Freedom of Information Act Environmental Information Regulations Privacy for individuals: Privacy and Electronic Communications Regulations (PECR) Data Protection Act (DPA)

3 The DPA in one slide: It’s about personal data You have to use it fairly and lawfully: act reasonably You have to be open about what you do with it You have to give people access to their own data You have to keep it secure

4 A typical mobile device Portable Personal Always-on Frequently-used Internet: Wifi / cell Camera Mic NFC, Bluetooth, GPS, accelerometer OS + Apps ecosystem

5 Typical aspects of BYOD One or more of the following: –User/employee chooses, purchases, owns, maintains, or supports the device So what is the role of the Data Controller?

6 Why consider BYOD? Possible BenefitsPossible Risks Reduced hardware costIncreased support cost of diverse hardware and software More flexible and efficient working Blurring work and personal use affects privacy (email, contacts, SMS, GPS, VPN) Greater employee satisfactionWhat about those who don’t want to (or can’t) bring their own device? Data loss / fragmentation Security exploits: data leak / theft; man-in-the-middle; malware

7 When, not if?

8 Controlling BYOD Key areas to consider: 1. Policy –Does everyone know what they should (and should not) be doing? 2.Where is the personal data stored? 3.How is the data transferred? 4.How will you control and secure the device?

9 Policy Acceptable use policy Social media policy Users must understand their responsibilities Requires input from IT, HR, TU & end users How will you monitor compliance?

10 Where does data reside? Depends on what setup you choose: –Data on the device Internal or external? –Data on the organisation's network Local caching? –Cloud Private Community Public

11 How is the data transferred? How do you transfer data to devices? –3G, Wi-Fi, Wired connection –HTTP, HTTPS, VPN, other encryption –MAC address filtering –IM, Skype or similar –Cloud-based service –File transfer or email attachment –Direct connection or via proxy –USB or CD

12 How do you control and secure the device? Who owns the device? What OS is it running? (and who decides?) Who else has access to it? What else is it used for? What if it gets lost? (remote deletion?) Onward transfer of data or device itself?

13 Privacy of the user By definition, some BYOD use will be personal –May also be used by other individuals (e.g. family members) Consider how to protect the users’ privacy if you use: –a traffic monitoring tool –geo-location monitoring –data loss prevention software

14 Other legal obligations? BYOD could lead to disparate copies of data in disparate locations Data Protection: –Subject access rights –Adequate, relevant and not excessive –Accuracy Freedom Of Information: –Can you search for the data? –Can you access the data?

15 Questions? ICO’s guidance on BYOD (and lots more) can be found at our website www.ico.org.ukwww.ico.org.uk

16 www.twitter.com/icon ews Keep in touch Subscribe to our e-newsletter at www.ico.gov.uk or find us on…

Download ppt "BYOD: Privacy and Security Andrew Paterson, Senior Technology Officer."

Similar presentations

Presented By Krypto Security Software, LLC. What is BackStopp is a simple but effective tool to help an organization protect its mobile data in the event.

Presented By Krypto Security Software, LLC. What is BackStopp is a simple but effective tool to help an organization protect its mobile data in the event.
Introduction to Computers Lecture By K. Ezirim. What is a Computer? An electronic device –Desktops, Notebooks, Mobile Devices, Calculators etc. Require.

Introduction to Computers Lecture By K. Ezirim. What is a Computer? An electronic device –Desktops, Notebooks, Mobile Devices, Calculators etc. Require.
Security for Mobile Devices

Security for Mobile Devices
Cambridge Nationals R001 Revision Guide – June 2014.

Cambridge Nationals R001 Revision Guide – June 2014.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
COMPREHENSIVE APPROACH TO INFORMATION SECURITY IN ADVANCED COMPANIES.

COMPREHENSIVE APPROACH TO INFORMATION SECURITY IN ADVANCED COMPANIES.
POSSIBLE THREATS TO DATA

POSSIBLE THREATS TO DATA
Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.

Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.
A-Level Computing data damage and prevention. Objectives To know the dangers associated with a computer system To understand the methods of prevention.

A-Level Computing data damage and prevention. Objectives To know the dangers associated with a computer system To understand the methods of prevention.
Big Data and data protection

Big Data and data protection
Data Security Issues in IR Eileen Driscoll Institutional Planning and Research Cornell University

Data Security Issues in IR Eileen Driscoll Institutional Planning and Research Cornell University
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Security Policies and Implementation Issues.

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Security Policies and Implementation Issues.
Duncan Woodhouse – Assistant Registrar for Information Security, Risk Management and Business Continuity Helen Wollerton – Administrative Officer (Legal.

Duncan Woodhouse – Assistant Registrar for Information Security, Risk Management and Business Continuity Helen Wollerton – Administrative Officer (Legal.
Computer Networks IGCSE ICT Section 4.

Computer Networks IGCSE ICT Section 4.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Smartphones. Lesson Objectives To understand and demonstrate an understanding of Smartphones.

Smartphones. Lesson Objectives To understand and demonstrate an understanding of Smartphones.
Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.

Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.
Audiences NI Data Protection Workshop

Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
PCM2U Presentation by Paul A Cook IT SERVICES. PCM2U Our History  Our team has been providing complete development and networking solutions for over.

PCM2U Presentation by Paul A Cook IT SERVICES. PCM2U Our History  Our team has been providing complete development and networking solutions for over.

Similar presentations

Ads by Google