Tablets and other placebos
Using personal devices in the workplace could be risky business if your firm doesn't have an up-to-date policy in place, says Mick Jones
Tablets seemed to be in fashion this summer. Wherever you went in London, the demand for these overgrown phones was evident. And on my late-August visit to Giverny, the gardens of impressionist painter Claude Monet, I noticed they were everywhere, and clearly the camera of choice too. Monet's water lilies were surrounded by a tablet-waving horde of tourists. I'm sure he would have approved.
So what is it with tablets? They are small but bigger than a phone with no mouse and touch screen. You can get keyboards, if you really must, normally connecting via Bluetooth. Their purpose is to consume content from a variety of sources, from the internet and via apps. The Android operating system enables apps to be downloaded to provide you with almost anything you want: video, music, books, games, calendars, etc. Some of them are free.
Android is a Linux-based operating system now owned by Google but originally it was supported and financed by them. To make it work you do need an email account and a means of paying for the app. One really annoying point with apps is that Android forces you to agree to every permission an app wants, rather than needs. If you want to use the app, you have no choice. This can be quite demanding for the free ones.
The Trip Advisor app, for example, seems to require app permissions that include full network access: system tools to prevent your tablet or phone from sleeping and details of your location that include approximate network-based location and precise GPS location. The Skyscanner app requests the ability to modify or delete contents of your USB storage. All these requests are potentially harmless. But then there is BYOD (bring your own device).
Who's in control?
You have your lovely tablet and you take it to work with you. Why not? If it has the right SIM in it, you can use it as a phone. I'm quite partial to watching Sky News via Sky Go on my tablet at lunchtime. However, there are issues with BYOD, which have to be taken seriously in a workplace. The key issue is that I own my tablet and my smartphone, but if I use them for work then I may have access to data for which I am not the data controller.
The Information Commissioner's Office (ICO) is helpful here and issues guidance. The key area of concern is that the data controller must at all times ensure that the processing of personal data remains under their control. If you use your phone or tablet at work, you may find that contacts are downloaded.
You may need work-related Outlook contacts on your phone, for example. If you do, you should restrict the apps you use to ones that don't require access to contacts - something that a lot of free apps will require. Data controllers must indeed be well aware of the personal use of such devices and ensure that technical and organisational controls used to protect personal data remain proportionate to the risks involved.
A data controller may find themselves in a difficult position. There will be demands from staff at all levels to use smartphones and/or tablets in an office environment. The ICO suggests that data controllers should consider the following issues when developing policy:
-
what type of data is held
-
where data may be stored
-
how it is transferred
-
the potential for data leakage
-
any blurring of personal and business use
-
the device's security capacities
-
what to do if the person who owns the device leaves their employment; and
-
how to deal with the loss, theft, failure and support of a device.
Tablets can be fun and offer a good alternative mode of access for the internet. However, if they, or smartphones, are used in the workplace, it may be time to review your BYOD policy - that is if you have one.
Mick Jones is managing director of thewealthworks
He writes a regular blog about technology for Private Client Adviser