It’s important to note that the legal responsibility for protecting other people’s personal information rests with the data controller, not the device owner. It is therefore organisations that are vulnerable if there is a breach of security or a device is lost.
Given that fines of up to £500,000 can be imposed by the Information Commissioner’s Office (ICO) for serious data breaches, it’s a matter not to be taken lightly.
If the worst does happen (and there have been various high-profile cases) and an individual leaves a laptop in a taxi, or has a mobile phone stolen, businesses should have plans in place to quickly and effectively revoke access and remotely wipe sensitive data before it gets into the wrong hands.
Similarly, risks need to be managed in terms of devices using cloud-based storage, where the automated back-up can lead to data being shared unintentionally with other users.
In addition, whereas previously an organisation would no doubt have had an in-house preference for particular operating systems or technology, the vast number of differing personal devices now being used also necessitates a change of thinking, not to mention increased levels of IT support.
Any security controls previously applied to corporately owned devices now need to be applied to personal devices too, and the downside is that this can lead to issues of trust between employees and IT control.