Jisc RSC Eastern Technical Managers forum June 2013 'BYOD Tech Managers forum'
Upcoming SlideShare
Loading in...5
×
 

Jisc RSC Eastern Technical Managers forum June 2013 'BYOD Tech Managers forum'

on

  • 275 views

Slides from presentation by Betty Willder, Jisc Legal on BYOD

Slides from presentation by Betty Willder, Jisc Legal on BYOD

Statistics

Views

Total Views
275
Views on SlideShare
275
Embed Views
0

Actions

Likes
0
Downloads
0
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Jisc RSC Eastern Technical Managers forum June 2013 'BYOD Tech Managers forum' Jisc RSC Eastern Technical Managers forum June 2013 'BYOD Tech Managers forum' Presentation Transcript

  • BYOD Where does institutional liability end ? 26 June 2013 RSC Eastern Technical managers Forum
  • Hello! Betty Willder info@jisclegal.ac.uk 0141 548 4939 www.jisclegal.ac.uk http://twitter.com/JISCLegal
  • About Jisc Legal • Role: to avoid legal issues becoming a barrier to the use of technology in tertiary education • Information service: we cannot take decisions for you when you are faced with a risk
  • “ … 47% of all UK adults now use their personal smartphone, laptop or tablet computer for work purposes. But less than 3 in 10 who do so are provided with guidance on how their devices should be used in this capacity, raising worrying concerns that people may not understand how to look after the personal information accessed and stored on these devices…” http://www.ico.gov.uk/news/latest_news/2013/survey-guidance-on-byod-personal-devices07032013.aspx
  • The Issues Copyright (using other people’s stuff) Data protection (respecting privacy) e-Safety (protecting users) e-Security (protecting the organisation)
  • The Difference Not linked to place (mobile!) Personal, invasive and pervasive Own device Combines access and communication
  • What’s the biggest issue about mobile? 1. 2. 3. 4. 5. Copyright Data protection e-Safety e-Security Haggis 0% 0% 0% 1. 2. 3. 0% 0% 4. 5.
  • Copyright & Mobile Devices be ‘appy’ with your apps T&Cs ‘Personal use’ Per device, per user, multi-use
  • Do you have a mobile device with copyright infringing content with you? 1. Can I call my lawyer? 2. Maybe. 3. I’m looking around to see what option others are pressing. 4. Yes. 5. Definitely not, guv. Honest. 0% 1 0% 0% 2 3 0% 0% 4 5
  • Data Protection & BYOD Compliance and privacy Purposes / purpose creep Surveillance Marketing - PECRs
  • “ … 47% of all UK adults now use their personal smartphone, laptop or tablet computer for work purposes. But less than 3 in 10 who do so are provided with guidance on how their devices should be used in this capacity, raising worrying concerns that people may not understand how to look after the personal information accessed and stored on these devices…” http://www.ico.gov.uk/news/latest_news/2013/survey-guidance-on-byod-personal-devices07032013.aspx
  • e-Safety & Mobile Devices Enables new, pervasive communication Anonymity and access Duty of care Criminal offences
  • e-Security & Mobile Devices BYOD BYOVRD LYOD DP, liability, breach of T&Cs
  • The college/employer legal obligations • Statutory obligations to comply with various pieces of law • Common law obligation of duty of care
  • Statutory Obligations • Difficult to meet them if systems are not technically up to date using latest standards etc • Data protection probably most risky area • Help available on BYOD – ICO guidance
  • So where does college liability end? 1. It extends to all permitted mobiles 2. Only to staff mobiles not students’ 3. Not our mobiles – not our responsibility 4. It depends 5. In tears 0% 1 0% 0% 2 3 0% 0% 4 5
  • The employee legal obligations • The employee ‘is’ the college • Any personal liability? • College needs to rely on its employment contracts, behavioural policies and disciplinary policies • BYOD is about people, not devices
  • The student’s legal obligations • • • • The student ‘is not’ the college but… …accesses college licensed materials, college personal data, e safety, e-security College needs to rely on its student contract, behavioural policies and disciplinary policies Common law obligation of duty of care
  • The JISC Legal BYOD Toolkit – what’s in it?
  • BYOD Toolkit (1 May 2013) Jisc Legal has published a BYOD toolkit in response to the rise in learners and employees using their personal computing devices (typically smart phones and tablets) in the work and learning environment. The toolkit includes a variety of resources: 1. Your Staff, Mobile Devices, Law and Liability To some extent bring your own device (BYOD) is already happening in your institution. Staff are already using their mobile devices to access their work emails, papers and documents from off campus. This paper focuses on the legal issues surrounding staff bringing their own devices. 2. Your Students, Mobile Devices, Law and Liability Students will increasingly expect that all information and services currently available from a university or college desktop will be available to them via their mobile device. At the same time, institutions will want to ensure that systems and information are secure, and users adhere to policies on access to systems. This paper focuses on the legal issues surrounding student mobile use. 3. Risk, Liability and Mobile Devices This paper provides a quick reference for managers as to the main legal risks which need to be assessed against your institution’s risk strategy before opening your institution’s ICT system to mobile access by staff and students using their own devices. 4. Bring Your Own Device Policy Template for Further Education The BYOD Policy template is intended as a guide to help providers write an effective policy that states what their institution's approach is to the use of personally owned devices by staff and learners.
  • New Guidance
  • FAQ: Can we seize and forensically analyse a staff or student’s device in the case of suspected misuse? 1. Yes our policy says we can 2. No- only the police can do this under warrant 3. Maybe if the circumstances are serious enough 4. I’m looking around to see what option others are pressing. 0% 1 0% 2 0% 3 0% 4
  • Policies • BYOD • DP AUP/student behaviour • Staff procedures – dp, copyright, safeguarding, e-safety… • Disciplinary policies • Publicise and enforce!
  • Enforcing your policies • If want to rely on them, need to have them in place! • Need to be fair – consultation? • Consistently enforced • Very challenging in BYOD • Use technology
  • Any Questions ? http://jiscleg.al/BYODToolkit