A new frontier in the boundary between professional and private life – solicitors’ undertakings
As the use of mobile devices by employees increases, so too do the risks to businesses of data breaches and a failure to comply with the Data Protection Act 1998 (“DPA”).
The Information Commissioner believes that ever more popular mobile working practices will enhance both the “potential attack surface” for hackers and the risk of data breaches. The DPA requires data controllers to take “appropriate technical and organisational measures…against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data”.
The recent travails of TalkTalk are a potent reminder that the reputational risks of data breaches are also high for businesses. In addition to the number of management hours that can be lost, a recent survey by PwC found that, on average, businesses lost 13-24 man days in responding to each data breach at a cost of £3,000 - £10,000; there is great incentive to ensure that breaches are prevented rather than cured.
Therefore, what can and should businesses be doing to protect themselves as mobile working increases?
If you are considering a ‘bring your own device’ (“BYOD”) approach, then take special care. In particular:
The use of laptops for mobile working has even greater potential for data breaches, given the large storage capacity and the more substantive work generally carried out on them. As such, employers should bear these suggestions in mind:
A final suggestion relevant to all mobile devices is to prohibit employees from using unsecured Wi-Fi networks that are often provided for free in public places. It is relatively straightforward for hackers to intercept data on such networks and when the employee is abroad, there are added risks in that the servers may be in countries which are not deemed to have “adequate levels of protection”. A mobile data roaming package for employees may be expensive, but could prove an invaluable investment.
In practice, mobile device security can be difficult to control both in terms of fast-changing technology and user practices, which are often casual and not mindful of data security. However there are steps that employers can take to minimise the risk of breaches and to protect themselves from the worst happening.
This article first appeared on www.realbusiness.co.uk.
For further information, please visit our Data Protection page.
Skip to content Home About Us Insights Services Contact Accessibility