Skip to content

Menu

LexBlog, Inc. logo
CommunitySub-MenuPublishersChannelsProductsSub-MenuBlog ProBlog PlusBlog PremierMicrositeSyndication PortalsAboutContactResourcesSubscribeSupport
Join
Search
Close

Canada’s federal, British Columbia and Alberta privacy commissioners issue BYOD guidance

By Kateri-Anne Grenier (CA), Christine Carron (CA) & Veronique Barry (CA) on September 20, 2015
Email this postTweet this postLike this postShare this post on LinkedIn
Norton Rose Fulbright - Data Protection Report blog

As the line between work and home becomes increasingly blurred, the federal, British Columbia and Alberta privacy commissioners have issued joint guidelines to help organizations reduce the risks of privacy breaches with respect to employers’ data accessed from employee-owned devices (EODs), while also securing employees’ privacy rights regarding any personal information stored on EODs.

The guidelines, issued on August 13, 2015, apply to all types of EODs – that is, all desktops and mobile devices, such as smartphones, tablets and laptops – used to access corporate data, emails, communications, applications and other processes and information, and intend to address issues pertaining to: (i) risk assessment; (ii) acceptable uses of EODs; (iii) corporate monitoring and app management; (iv) the sharing of EODs; (iv) connection to corporate servers; (v) responsibility for security features; (vi) software updates; and (vii) voice or data plans.

The guidelines also emphasize that organizations’ BYOD programs should provide for restriction with respect to: (i) cloud services, (ii) devices and operation systems; and (iii) information that can (or cannot) be stored on EODs. Likewise, the guidelines stress that such BYOD programs should address a number of issues, including: (a) users’ responsibilities; (b) acceptable and unacceptable uses of EODs; (c) access and security requirements; and (d) sharing of EODs with family and friends.

Finally, the guidelines indicate that although BYOD programs can be part of an organization’s cost reduction strategy, using EODs to carry out both personal and business functions may introduce privacy and security risks that could impact both personal and corporate information. Accordingly, in addition to the foregoing, the guidelines set out a series of considerations to be taken into account, such as: (i) implementing mobile device software to manage EODs that connect to the corporate network and effecting proper authentication measures; (ii) signing, with each EOD owner, an agreement providing for the administration activities that can performed on the EOD by the organization; (iii) considering partitioning each EOD into two compartments; (iv) implementing encryption, storage and retention procedures; (iv) addressing vulnerabilities and malware protections; and (v) providing adequate training for all IT professionals and users.

To subscribe for updates from our Data Protection Report blog, visit the email sign-up page.

Photo of Kateri-Anne Grenier (CA) Kateri-Anne Grenier (CA)
Read more about Kateri-Anne Grenier (CA)Email
Photo of Christine Carron (CA) Christine Carron (CA)

Christine Carron practises primarily in corporate and commercial litigation and in the areas of banking, privacy, product liability, consumer protection and e-commerce. She is chair of our Canadian privacy and access to information team. She has been involved in a wide range of…

Christine Carron practises primarily in corporate and commercial litigation and in the areas of banking, privacy, product liability, consumer protection and e-commerce. She is chair of our Canadian privacy and access to information team. She has been involved in a wide range of commercial litigation, including the defence of major class actions in the financial services, retail and tobacco industries and represents corporate clients in disputes involving damages for breach of commercial contracts or for latent defects and in shareholder disputes.

Read more about Christine Carron (CA)EmailChristine's Linkedin Profile
Show more Show less
Photo of Veronique Barry (CA) Veronique Barry (CA)
Read more about Veronique Barry (CA)Email
  • Posted in:
    Privacy & Data Security
  • Blog:
    Data Protection Report
  • Organization:
    Norton Rose Fulbright
  • Article: View Original Source

LexBlog, Inc. logo
Facebook LinkedIn Twitter RSS
Real Lawyers
99 Park Row
  • About LexBlog
  • Careers
  • Press
  • Contact LexBlog
  • Privacy Policy
  • Editorial Policy
  • Disclaimer
  • Terms of Service
  • RSS Terms of Service
  • Products
  • Blog Pro
  • Blog Plus
  • Blog Premier
  • Microsite
  • Syndication Portals
  • LexBlog Community
  • 1-800-913-0988
  • Submit a Request
  • Support Center
  • System Status
  • Resource Center

New to the Network

  • Pro Policyholder
  • The Way on FDA
  • Crypto Digest
  • Inside Cybersecurity & Privacy Law
  • La Oficina Legal Ayala Hernández
Copyright © 2022, LexBlog, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo