jisc rsc eastern technical managers forum june 2013 'byod tech managers forum
DESCRIPTION
Slides from presentation by Betty Willder, Jisc Legal on BYODTRANSCRIPT
BYOD Where does institutional liability end ?
26 June 2013RSC Eastern Technical managers Forum
Hello!
Betty Willder [email protected]
0141 548 4939
www.jisclegal.ac.uk
http://twitter.com/JISCLegal
About Jisc Legal
• Role: to avoid legal issues becoming a barrier to the use of technology in tertiary education
• Information service: we cannot take decisions for you when you are faced with a risk
“ … 47% of all UK adults now use their personal smartphone, laptop or tablet computer for work purposes. But less than 3 in 10 who do so are provided with guidance on how their devices should be used in this capacity, raising worrying concerns that people may not understand how to look after the personal information accessed and stored on these devices…” http://www.ico.gov.uk/news/latest_news/2013/survey-guidance-on-byod-personal-devices-07032013.aspx
The Issues
Copyright (using other people’s stuff)
Data protection (respecting privacy)
e-Safety (protecting users)
e-Security (protecting the organisation)
The Difference
Not linked to place (mobile!)
Personal, invasive and pervasive
Own device
Combines access and communication
What’s the biggest issue about mobile?
1. Copyright2. Data protection3. e-Safety4. e-Security5. Haggis
1. 2. 3. 4. 5.
0% 0% 0%0%0%
Copyright & Mobile Devices
be ‘appy’ with your appsT&Cs‘Personal use’Per device, per user,multi-use
Do you have a mobile device with copyright infringing content with you?
1 2 3 4 5
0% 0% 0%0%0%
1. Can I call my lawyer?2. Maybe.3. I’m looking around to see
what option others are pressing.
4. Yes.5. Definitely not, guv. Honest.
Data Protection & BYOD
Compliance and privacy
Purposes / purpose creep
Surveillance
Marketing - PECRs
“ … 47% of all UK adults now use their personal smartphone, laptop or tablet computer for work purposes. But less than 3 in 10 who do so are provided with guidance on how their devices should be used in this capacity, raising worrying concerns that people may not understand how to look after the personal information accessed and stored on these devices…” http://www.ico.gov.uk/news/latest_news/2013/survey-guidance-on-byod-personal-devices-07032013.aspx
e-Safety & Mobile Devices
Enables new, pervasive communicationAnonymity and accessDuty of careCriminal offences
e-Security & Mobile Devices
BYODBYOVRDLYODDP, liability,breach of T&Cs
The college/employer legal obligations
• Statutory obligations to comply with
various pieces of law
• Common law obligation of duty of care
Statutory Obligations
• Difficult to meet them if systems are not technically up to date using latest standards etc
• Data protection probably most risky area• Help available on BYOD – ICO guidance
So where does college liability end?1. It extends to all permitted
mobiles2. Only to staff mobiles not
students’3. Not our mobiles – not our
responsibility4. It depends5. In tears
1 2 3 4 5
0% 0% 0%0%0%
The employee legal obligations
• The employee ‘is’ the college• Any personal liability?• College needs to rely on its
employment contracts, behavioural policies and disciplinary policies
• BYOD is about people, not devices
The student’s legal obligations• The student ‘is not’ the college but…• …accesses college licensed materials,
college personal data, e safety, e-security• College needs to rely on its student
contract, behavioural policies and disciplinary policies
• Common law obligation of duty of care
The JISC Legal BYOD Toolkit – what’s in it?
BYOD Toolkit (1 May 2013)
Jisc Legal has published a BYOD toolkit in response to the rise in learners and employees using their personal computing devices (typically smart phones and tablets) in the work and learning environment.
The toolkit includes a variety of resources:
1. Your Staff, Mobile Devices, Law and Liability
To some extent bring your own device (BYOD) is already happening in your institution. Staff are already using their mobile devices to access their work emails, papers and documents from off campus. This paper focuses on the legal issues surrounding staff bringing their own devices.
2. Your Students, Mobile Devices, Law and Liability
Students will increasingly expect that all information and services currently available from a university or college desktop will be available to them via their mobile device. At the same time, institutions will want to ensure that systems and information are secure, and users adhere to policies on access to systems. This paper focuses on the legal issues surrounding student mobile use.
3. Risk, Liability and Mobile Devices
This paper provides a quick reference for managers as to the main legal risks which need to be assessed against your institution’s risk strategy before opening your institution’s ICT system to mobile access by staff and students using their own devices.
4. Bring Your Own Device Policy Template for Further Education
The BYOD Policy template is intended as a guide to help providers write an effective policy that states what their institution's approach is to the use of personally owned devices by staff and learners.
New Guidance
FAQ: Can we seize and forensically analyse a staff or student’s device in the case of suspected misuse?
1 2 3 4
0% 0%0%0%
1. Yes our policy says we can2. No- only the police can do this
under warrant3. Maybe if the circumstances
are serious enough 4. I’m looking around to see
what option others are pressing.
Policies
• BYOD• DP AUP/student behaviour• Staff procedures – dp, copyright,
safeguarding, e-safety… • Disciplinary policies• Publicise and enforce!
Enforcing your policies
• If want to rely on them, need to have them in place!
• Need to be fair – consultation?• Consistently enforced• Very challenging in BYOD• Use technology