Canada privacy commissioner issues BYOD warning for businesses
Updated: The Office of the Privacy Commissioner of Canada, alongside the equivalents for the states of British Columbia and Alberta, has issued a document offering guidance for companies looking to implement BYOD programs.
Citing “an increased blurring of the lines between professional and personal lives” and “employee concerns that privacy is at risk”, the 16-page missive goes through the various stages of rollout, from getting senior management onside, to privacy impact and threat risk assessments, and testing and enforcing policy.
The majority of the advice, which is aimed at more of an entry-level audience, is sound: pilot the program to assess its risks and benefits before a full-scale rollout; mitigate the risks of BYOD through containerisation; and address malware. Training materials for employees are also encouraged, ranging from authentication and authorisation to device administration and encryption. This was one of the key components when Schiphol Airport, in Amsterdam, moved over to a BYOD program last year.
The report concludes with similarly sensible advice. “If an organisation chooses to put in place a BYOD program, it should be implemented on a case by case basis, with an organisation being able to demonstrate that it can safely, securely, and responsibly address the unique privacy and security issues for that organisation,” it reads.
Recent research suggests this report may be a little late, as CompTIA argued in July that there was a “clear move” towards a no bring your own device policy in workplaces. 34% of companies surveyed in 2013 banned it outright, a number which has risen to 53% in 2015.
The document also mentions – but does not address – corporate-owned, personally enabled (COPE) policy, arguing that while it “may be an attempt to mitigate some of the privacy and security risks associated with BYOD, [it] is not necessarily more secure, as it still involves the use of a single device for professional and personal use.”
Philippe Winthrop, global evangelist at CSC Mobility and a long-time advocate of COPE, argues this description is ‘frustrating’ and adds that government bodies ‘provide guidance and develop laws around technologies that they simply do not understand.’
“There really should be no debate around whether BYOD is more or less secure than COPE,” he told Enterprise AppsTech in an email. “The BYOD vs COPE debate is an ownership issue and a privacy issue...not a security issue. There is simply no difference between the iPhone 6 that I bought myself vs the iPhone 6 that my employer may have provided me.”
You can read the full report here.