Jisc RSC Eastern Technical Managers forum June 2013 'BYOD Tech Managers forum'

267 views
211 views

Published on

Slides from presentation by Betty Willder, Jisc Legal on BYOD

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
267
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Jisc RSC Eastern Technical Managers forum June 2013 'BYOD Tech Managers forum'

  1. 1. BYOD Where does institutional liability end ? 26 June 2013 RSC Eastern Technical managers Forum
  2. 2. Hello! Betty Willder info@jisclegal.ac.uk 0141 548 4939 www.jisclegal.ac.uk http://twitter.com/JISCLegal
  3. 3. About Jisc Legal • Role: to avoid legal issues becoming a barrier to the use of technology in tertiary education • Information service: we cannot take decisions for you when you are faced with a risk
  4. 4. “ … 47% of all UK adults now use their personal smartphone, laptop or tablet computer for work purposes. But less than 3 in 10 who do so are provided with guidance on how their devices should be used in this capacity, raising worrying concerns that people may not understand how to look after the personal information accessed and stored on these devices…” http://www.ico.gov.uk/news/latest_news/2013/survey-guidance-on-byod-personal-devices07032013.aspx
  5. 5. The Issues Copyright (using other people’s stuff) Data protection (respecting privacy) e-Safety (protecting users) e-Security (protecting the organisation)
  6. 6. The Difference Not linked to place (mobile!) Personal, invasive and pervasive Own device Combines access and communication
  7. 7. What’s the biggest issue about mobile? 1. 2. 3. 4. 5. Copyright Data protection e-Safety e-Security Haggis 0% 0% 0% 1. 2. 3. 0% 0% 4. 5.
  8. 8. Copyright & Mobile Devices be ‘appy’ with your apps T&Cs ‘Personal use’ Per device, per user, multi-use
  9. 9. Do you have a mobile device with copyright infringing content with you? 1. Can I call my lawyer? 2. Maybe. 3. I’m looking around to see what option others are pressing. 4. Yes. 5. Definitely not, guv. Honest. 0% 1 0% 0% 2 3 0% 0% 4 5
  10. 10. Data Protection & BYOD Compliance and privacy Purposes / purpose creep Surveillance Marketing - PECRs
  11. 11. “ … 47% of all UK adults now use their personal smartphone, laptop or tablet computer for work purposes. But less than 3 in 10 who do so are provided with guidance on how their devices should be used in this capacity, raising worrying concerns that people may not understand how to look after the personal information accessed and stored on these devices…” http://www.ico.gov.uk/news/latest_news/2013/survey-guidance-on-byod-personal-devices07032013.aspx
  12. 12. e-Safety & Mobile Devices Enables new, pervasive communication Anonymity and access Duty of care Criminal offences
  13. 13. e-Security & Mobile Devices BYOD BYOVRD LYOD DP, liability, breach of T&Cs
  14. 14. The college/employer legal obligations • Statutory obligations to comply with various pieces of law • Common law obligation of duty of care
  15. 15. Statutory Obligations • Difficult to meet them if systems are not technically up to date using latest standards etc • Data protection probably most risky area • Help available on BYOD – ICO guidance
  16. 16. So where does college liability end? 1. It extends to all permitted mobiles 2. Only to staff mobiles not students’ 3. Not our mobiles – not our responsibility 4. It depends 5. In tears 0% 1 0% 0% 2 3 0% 0% 4 5
  17. 17. The employee legal obligations • The employee ‘is’ the college • Any personal liability? • College needs to rely on its employment contracts, behavioural policies and disciplinary policies • BYOD is about people, not devices
  18. 18. The student’s legal obligations • • • • The student ‘is not’ the college but… …accesses college licensed materials, college personal data, e safety, e-security College needs to rely on its student contract, behavioural policies and disciplinary policies Common law obligation of duty of care
  19. 19. The JISC Legal BYOD Toolkit – what’s in it?
  20. 20. BYOD Toolkit (1 May 2013) Jisc Legal has published a BYOD toolkit in response to the rise in learners and employees using their personal computing devices (typically smart phones and tablets) in the work and learning environment. The toolkit includes a variety of resources: 1. Your Staff, Mobile Devices, Law and Liability To some extent bring your own device (BYOD) is already happening in your institution. Staff are already using their mobile devices to access their work emails, papers and documents from off campus. This paper focuses on the legal issues surrounding staff bringing their own devices. 2. Your Students, Mobile Devices, Law and Liability Students will increasingly expect that all information and services currently available from a university or college desktop will be available to them via their mobile device. At the same time, institutions will want to ensure that systems and information are secure, and users adhere to policies on access to systems. This paper focuses on the legal issues surrounding student mobile use. 3. Risk, Liability and Mobile Devices This paper provides a quick reference for managers as to the main legal risks which need to be assessed against your institution’s risk strategy before opening your institution’s ICT system to mobile access by staff and students using their own devices. 4. Bring Your Own Device Policy Template for Further Education The BYOD Policy template is intended as a guide to help providers write an effective policy that states what their institution's approach is to the use of personally owned devices by staff and learners.
  21. 21. New Guidance
  22. 22. FAQ: Can we seize and forensically analyse a staff or student’s device in the case of suspected misuse? 1. Yes our policy says we can 2. No- only the police can do this under warrant 3. Maybe if the circumstances are serious enough 4. I’m looking around to see what option others are pressing. 0% 1 0% 2 0% 3 0% 4
  23. 23. Policies • BYOD • DP AUP/student behaviour • Staff procedures – dp, copyright, safeguarding, e-safety… • Disciplinary policies • Publicise and enforce!
  24. 24. Enforcing your policies • If want to rely on them, need to have them in place! • Need to be fair – consultation? • Consistently enforced • Very challenging in BYOD • Use technology
  25. 25. Any Questions ? http://jiscleg.al/BYODToolkit

×