We use cookies to make your experience of our website better. Some of these are set by third party Google Analytics to help us analyse website traffic. To comply with privacy regulations, we require your consent to set these cookies. If you continue to use the site without selecting an option we will assume you are happy for us to use cookies.

Mobile Working: Security and Culture

Mobile Working: Security and Culture

I was delighted to be asked by Scot-Tech Engagement to talk about the legal implications of implementing a mobile working strategy at the Mobile Scotland Event in Edinburgh this week. The event brought together a wide audience from service users to providers of mobile working solutions.

Critically, whatever mobile working strategy is chosen by an organisation, security of business data whether it be personal information or business know-how has to be embedded at the foundation of the approach.

The security agenda is really important from a compliance perspective (where I come in!). Each organisation will likely have their own sector dependant legal or regulatory obligations, but generally speaking, the Data Protection Act is a good starting point to underpin any strategy, and understanding the Act’s requirements is essential if you are using personal data on the move.

In fact, the vast majority of enforcement action by the ICO to date resulting in monetary penalties has been for security breaches (being a breach of principle 7 of the DPA that “appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data”). Security breaches resulting in fines have ranged from erroneously uploading data when working from a home computer to loss of sensitive personal data through lost storage devices.  I’ve summarised the key fines in 2014 in our 2014 review note available here.

That’s all pretty obvious if you are in the IT sector. But what was really interesting to hear at the event was an understanding that culture within a business is a key part to solving the security dilemma of mobile working. The overwhelming message from the event was that “one size does not fit all” when determining what mobile working strategy will work for a particular organisation.

Engagement with staff to understand their needs is important. But identification of what data is used by staff is also relevant to work out what strategy is fit for purpose both from a usability perspective but also a security standpoint. That should, in turn, help to engender a culture of security within an organisation.

Whatever way you look at and whatever strategy you elect to use, it’s clear that mobile working isn’t going to go away with workers having an expectation of being able to work flexibly on the move and at home.

Ross McKenzie