The Information Commissioner's Office (ICO) is ordering a clamp down on the use of personal devices in the workplace after a member of staff at the Royal Veterinary College (RVC) lost a camera containing images of six job applicants.
The images were on a flash memory card and went missing last December, and the organisation quickly realised it had no guidance in place to cover the loss of personal property.
Despite the minor nature of the incident, as the applicants could not be identified by name, the ICO has warned the college it needs to tighten up its personal device policies.
The ICO has told the RVC it must have encryption on all portable devices by 30 April 2014. Furthermore, it must offer training on the Data Protection Act to all staff on an annual basis by that time.
"Organisations must be aware of how people are now storing and using personal information for work and the Royal Veterinary College failed to do this," said the ICO's head of enforcement, Stephen Eckersley.
"It is clear more and more people are now using a personal device, particularly their mobile phones and tablets, for work purposes so it's crucial employers are providing guidance and training to staff which covers this use," he said.
"We have published guidance on this growing trend, commonly known as Bring Your Own Device (BYOD), and we would urge all organisations to make sure they follow our recommendations by ensuring their data protection policies reflect the way many of us are now using personal devices for work."
The ICO said when allowing staff to use personal devices for work purposes, organisations must be clear about which types of personal data can be processed on the devices. They must also use strong passwords to secure the devices and enable encryption to store data on the device securely.
It also said using public cloud-based sharing and public backup services should be done with "extreme caution, if at all".
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
TikTok to open first European data centre in IrelandNews The move could signify a desire to shift its operations away from the US as well as secure its position in the European market
-
MPs in a muddle over GDPR and storing voters' personal dataNews Labour MP Chris Bryant says his staff were told to delete constituents' data
-
Trump resort will not be charged for breaching data lawsNews Presidential hopeful's Scottish golf course failed to register under the Data Protection Act for four years
-
Banks urged to share data but warned over securityNews Experts voice concern over security of open API recommendations
-
EU centralises European open data through one portalNews Open Data Portal will enable public sector bodies to share information
-
Experts question sheer scale of data storage required by Snooper's CharterNews Who will foot bill for physical infrastructure to house UK's browsing histories?
-
Snapchat's T&Cs update could put user data at riskNews Kaspersky said giving the service permission to share pictures with third parties could lead to a serious breach of privacy
-
Transport Systems Catapult launches data sources catalogueNews Intelligent Mobility Data Index could push forward smart transport innovation in the UK
