I've been thinking about BYOD from the perspective of education organisations (who have been doing it, either consciously or not, for at least a decade). Blog posts and talks are linked from https://community.ja.net/blogs/regulatory-developments/BYOD.
Next post (currently in bullet point form) will be on deriving your policy on BYOD from your policy on organisation-owned mobile devices. Essentially, look at the controls you currently implement on the organisation-owned mobile device, then discuss with users which of those would be acceptable on a device they own (and may lend to family members - note that the ICO is worried about location tracking or DPI in those circumstances) and discuss with information owners whether they are happy to rely on device owners, rather than company IT, to manage those controls. If either group says no then you may want to review whether your servers actually allow BYODs to get at that data and, if so, consider whether you want to limit that access on the server or network side (which the organisation does still control).
Comments very welcome on any of that
And JISCLegal have a BYOD toolkit, including a policy template at http://www.jisclegal.ac.uk/Themes/MobileTechnologiesandBYOD.aspx
HTH
Andrew
--
Andrew Cormack
Chief Regulatory Adviser, Janet
t: +44 1235 822302
b: https://community.ja.net/blogs/regulatory-developments
Janet(UK) is a trading name of Jisc Collections and Janet Limited, a not-for-profit company which is
registered in England under No.2881024 and whose Registered Office is at Lumen House, Library
Avenue, Harwell Oxford, Didcot, Oxfordshire, OX11 0SG. VAT No. 614944238
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Jessica Robson
> Sent: 24 October 2013 16:59
> To: [log in to unmask]
> Subject: BYOD policy
>
> Hi all,
>
> Has anyone implemented a BYOD policy? Or have you decided not to
> implement one?
>
> Is anyone prepared to share their Policy or experiences please?
>
> Many thanks
>
> Jessica Robson
>
> Information Governance Manager
> The Royal Marsden NHS Foundation Trust
>
> [log in to unmask]
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the
> list owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your
> needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|