0203 319 1649


Bring Your Own Device:
Protecting Business Data Held on Employee-owned Devices

We wrote recently about the ownership of business contacts which are held in an employee’s personal social media account but actually there is a bigger threat to the control of business information.

A survey has been released by Ovum stating that 67% of employees who own a smartphone and 69% of employees who own a tablet use them for work purposes.  This has made us think about the business implications of these practices. It could appear that this is an IT issue but, for us, any area that needs to be covered by policy is an HR issue!

Need help with Employment Policies?
Get In Touch


There are obviously benefits to both employers and employees when employees use their own devices for work purposes.  From the employer’s perspective, they can see increased productivity and save money by not having to provide staff with phones or tablets.  From the employee’s perspective, they don’t need to carry two different phones around with them and can reduce their expenditure by charging the phone costs back to the company.

Lost or stolen data

The biggest downside to employees using their personal devices for work purposes is that the company loses all control over how information is stored and protected.

Phones and tablets are easily lost and stolen and the company would have no idea what information was on the device.  The employee may actually choose not to tell the employer that the device was stolen/lost and therefore the company may be blissfully unaware that confidential information was in the hands of who knows who.

Data protection issues

Under the Data Protection Act 1998 (DPA), an employer has key responsibilities when it comes to managing and protecting data.

If a mobile device held personal data relating to staff or clients and the device were to be lost, then the employer would have a responsibility to report the breach to the Information Commissioners Office (ICO) and demonstrate that it had secured, controlled or deleted all personal data that was on the device.

In addition, many mobile phones back-up to the cloud which can also prevent a challenge.  Data controllers have a responsibility to ensure that all data is kept within the European Economic Area so if the cloud service used was US-based then this may breach this requirement.

Options to prevent problems

You could simply take the position that you don’t want your business data to be stored on personal devices and therefore tell people that they can’t use personal devices for business purposes.  If this is the route that’s best for your business, you’ll need to be able to provide business owned devices if there is a need for your staff to be contactable for work purposes when they are outside of the office.

If you choose to allow employees to use personal devices for work purposes then, as with so many business practices, the first step to protecting your business is to ensure that you have a clear HR policy in place.

Bring-your-own-device policy requirements

The policy needs to set out the requirements on individuals in relation to using their personal devices for work purposes. Some things that you should consider are:

  • Registration – do you want staff to register that they are using their phone for work purposes?
  • Lost or stolen procedure – what should staff do should the device be lost or stolen?
  • Data Management – what will you be doing to ensure that your data is managed appropriately?
  • End of employment – how will you ensure that all data is removed from personal devices at the end of employment?

The ICO has recently issued guidelines regarding bring your device schemes and we recommend that you take a look at this.

If you’d like any support in implementing a bring your own device scheme then feel free to give us a call on 0203 319 1649 or complete our contact form and one of our consultants will be in touch.

If you’d like help with HR Policies, Data Protection or any other HR matter, contact us on 0203 319 1649 or use the form below.

Contact Us

If you’d like help with <> or any other HR matter, contact us on 0203 319 1649 or fill in the form below.

Contact Us

Why not sign up to our blog alerts so you are notified when we post any news or announcements?

Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Google Maps
Consent to display content from Google

0203 319 1649


Cart Overview