Bring your own device (BYOD)

Lara Nichols recognises the advantages gained to the business and the efficiency of its employees through arranging flexible working arrangements as allowing employees to bring their own device into the business and permitting them to use their property to undertake their day to day working activities.

However, employees must not use their own initiative to use these devices for business purposes.

Permitted devices

  • Only authorised personally owned devices are permitted for use in the business of the the company.
  • The use of personal mobile phones, smartphones, personal tablets and laptops must first be authorised by Managing Director. Contact the Finance Manager in the first instance.
  • Only devices that are capable of running up-to-date operating systems will be permitted. Contact Managing Director if you need details.
  • Authorisation will not be given if other members of your family have access to the device.
  • Lara Nichols expects that authorised devices will be used during your working day as part of your day to day duties.
  • Your devices can be used for personal use, of course, as well as for business use.

Availability

  • You must agree with your your line manager whether or not, or when, you may be available for contact outside the working day.
  • Personal use of the device must be restricted to lunch and break times other than for exceptional emergency contact.
  • If your contact hours extend beyond the normal working day, this should be agreed in your terms and conditions of employment.
  • Contact hours must not affect your wellbeing.

Security

  • Devices must be protected by industry-standard anti-virus and firewall software. If in doubt seek advice from Managing Director.
  • You must have administrator rights on your device and not provide those rights to other parties.
  • Other users of the device must not have access to any VPN (Virtual Private Network).
  • You must ensure that you password protect all devices on all occasions.
  • All passwords must contain at least six characters a capital letter and a number or symbol to ensure the strength of the password is strong, subject to any further advice from Managing Director.
  • Where available you can use Touch ID as an additional security measure.
  • Login names and passwords must not be disclosed to anyone other than the Managing Director or Managing Director.
  • You are responsible for being aware of the possibility of spoof emails or calls purporting to be from IT staff or companies.
  • You must know where your personal devices are on all occasions, such equipment must not be left unattended.
  • In the event that you lose your device or the device is stolen then this must be reported to the Managing Director and Managing Director as a matter of urgency.
  • In the case of lost devices Lara Nichols reserves the right to delete all data where this is possible.

Data ownership and storage

  • All data that is processed on your device is to be in compliance with the Data Protection Act 1998 (DPA) and the GDPR. Seek advice from the Finance Manager if necessary.
  • The the Managing Director (or Data Controller) will remain in control of all business personal data regardless of the ownership of the device used to carry out the processing.
  • Business personal data is defined as that acquired in the process of your work responsibilities, is owned by the the company and must be relinquished on leaving the the company.
  • Personal data (e.g. from social contacts but relevant to the business) brought to the the company by you may be retained by you as well as by the company.
  • If you want to containerise data so that personal data is not available to the the company then seek advice from Managing Director.
  • If you do not containerise personal data, then it must not be regarded as private.
  • Both the DPA and the GDPR require the the Managing Director or data controller to take appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of personal data of, or damage to, personal data. You must comply with any additional requirements specified from time to time.
  • All information (i.e. including business personal data) must be stored on the the company drives or servers.  Some business data may be stored on individual devices whilst work is being completed (only).
  • Data may be stored on the Cloud provided it can also be accessed by the the company. You may need advice from Managing Director in order to comply.
  • Data sharing. Any data sharing principles (Dropbox, sharepoint, Microsoft Teams, etc) will be set by Managing Director and you must follow these closely. This protects data from duplication, version confusion and omission.

On leaving employment

  • You understand and accept that should you leave our employment the device must be returned to the offices or Managing Director so that any business information can be removed from the device.
  • Applications (Apps) that are bought will be your property as the owner of the device and not Lara Nichols.
  • Access to business data on Apps is to be removed on leaving the company. The data itself must remain accessible to the the company.
  • While company contacts may remain on your device when you leave you are reminded that you may have covenants in place protecting their use.

Failure to follow the BYOD policy can lead to disciplinary action or, in very rare cases, legal action.

This policy will be subject to regular review to ensure that it provides security to Lara Nichols and its clients as well as following best practise in relation to such matters.

 

 

This policy was last reviewed in April 2020