Table of Contents
Managing how staff use their personal mobile phones or other electronic devices at work can be challenging. Given the widespread availability of mobile phones, there is a natural overlap between performing work on work devices and personal smartphones. If your staff use their mobile phone in the workplace, there are issues around data protection rules which you must understand. This article will explore ways to manage staff using their personal mobile phones and other electronic devices at work and relevant data protection laws to note.
Personal Mobile Phones in the Workplace
Personal mobile phones are becoming common in the workplace for two main reasons:
- people can use their personal devices to access work emails; and
- the increase in home working has blurred the lines between work devices and personal devices.
For example, it is now more common for individuals to log into work networks from personal mobile phones or laptops. However, while many of your employees may have a work laptop, they may not have a work mobile phone.
Employees’ Use of Personal Mobiles
Although employees accessing work-related emails and information on personal devices can provide flexibility for your business, it can cause issues in several ways, including:
(a) blurring work information from personal information;
(b) being able to access, store and process confidential information; and
(c) security risks on personal devices if they do not have adequate antivirus protection.
Continue reading this article below the formCall 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.
Separating Work Information From Personal Information
Your company must secure and protect all data it processes or retains, but it is still important to separate work information from personal information. This avoids complications when asking your employee to delete work-related information, particularly when they leave your business.
For example, suppose an employee is due to leave your company in two weeks and has used their mobile phone to contact key clients during their employment. An issue can arise regarding who owns the contacts list in your employee’s digital address book. If the information is on a work mobile phone, you can easily argue that the phone, including the contact list, is the property of your business. However, the lines become blurred when the data is on their personal mobile phone.
LegalVision’s Startup Manual is essential reading material for any startup founder looking to launch and grow a successful startup.
Security Risks When Employees Use Their Mobiles
The Information Commissioner’s Office (ICO), the legal body that regulates data protection, warns of the consequences of employees using less secure devices.
Some individuals do not use passwords on their phones, and some tend to send sensitive information insecurely. In comparison, most work devices have in-built anti-virus software and restrictions that limit sensitive information transmission.
There is also an increased risk of theft or accidental loss of a mobile phone compared to a work laptop. This can jeopardise your business’ private data and any confidential information that your employee had stored on their personal device. Additionally, if their device is stolen, it may be difficult to identify who may have gained access to the information.
Also, a cross-border transfer of data can occur if your employee goes on holiday with their mobile phone. This would put your company’s data in another country and potentially breach data protection rules like those in the GDPR.
ControllingData
As a UK employer, you are responsible for taking appropriate steps to safeguard against business data loss.
You may consider conducting a ‘data audit’, which involves finding out the following:
(a) which devices employees use;
(b) what data exists on those devices;
(c) whether others have access to those devices;
(d) how access to company data occurs on those devices; and
(e) the risks of data being leaked or stolen, such as device loss.
You could also create a Bring Your Own Devices (BYOD) policy for your workplace, which will set out what is and is not considered acceptable use. A BYOD policy should also:
- detail what staff should do if a personal mobile device used for work purposes is lost or stolen; and
- set out rules for what happens to company information on personal devices when a staff member leaves your business.
Key Takeaways
If your staff use their mobile devices for work purposes, you will need to understand the risks and relevant data protection rules that apply. For example, there are greater security risks when individuals access work information on their personal phones and do not have adequate anti-virus software. A fundamental way to manage personal device usage is through a Bring Your Own Device (BYOD) policy. This policy might detail how your business owns work-related information, even if your employee stores it on their personal phone. Likewise, your policy might specify the rules for when an employee leaves your business and the process for obtaining information from their personal devices.
If you need help with data protection rules, our experienced data, privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.
Frequently Asked Questions
When employees use personal devices for work purposes, there are increased risks of data protection and security breaches for your business.
To mitigate the risks of staff using a personal device for work purposes, you could, for example, conduct a data audit at work.
We appreciate your feedback – your submission has been successfully received.