Slides from presentation by Betty Willder, Jisc Legal on BYOD

1. BYOD
Where does institutional liability end ?
26 June 2013
RSC Eastern Technical managers Forum

2. Hello!
Betty Willder
info@jisclegal.ac.uk
0141 548 4939
www.jisclegal.ac.uk
http://twitter.com/JISCLegal

3. About Jisc Legal
• Role: to avoid legal issues becoming a
barrier to the use of technology in tertiary
education
• Information service: we cannot take
decisions for you when you are faced with a
risk

4. “ … 47% of all UK adults now use their
personal smartphone, laptop or tablet
computer for work purposes. But less than 3
in 10 who do so are provided with guidance
on how their devices should be used in this
capacity, raising worrying concerns that
people may not understand how to look after
the personal information accessed and
stored on these devices…”
http://www.ico.gov.uk/news/latest_news/2013/survey-guidance-on-byod-personal-devices07032013.aspx

5. The Issues
Copyright (using other people’s stuff)
Data protection (respecting privacy)
e-Safety (protecting users)
e-Security (protecting the organisation)

6. The Difference
Not linked to place (mobile!)
Personal, invasive and pervasive
Own device
Combines access and communication

7. What’s the biggest issue about
mobile?
1.
2.
3.
4.
5.
Copyright
Data protection
e-Safety
e-Security
Haggis
0%
0%
0%
1.
2.
3.
0%
0%
4.
5.

8. Copyright & Mobile Devices
be ‘appy’ with your apps
T&Cs
‘Personal use’
Per device, per user,
multi-use

9. Do you have a mobile device with
copyright infringing content with you?
1. Can I call my lawyer?
2. Maybe.
3. I’m looking around to see
what option others are
pressing.
4. Yes.
5. Definitely not, guv. Honest.
0%
1
0%
0%
2
3
0%
0%
4
5

10. Data Protection & BYOD
Compliance and privacy
Purposes / purpose creep
Surveillance
Marketing - PECRs

11. “ … 47% of all UK adults now use their
personal smartphone, laptop or tablet
computer for work purposes. But less
than 3 in 10 who do so are provided
with guidance on how their devices
should be used in this capacity, raising
worrying concerns that people may not
understand how to look after the
personal information accessed and
stored on these devices…”
http://www.ico.gov.uk/news/latest_news/2013/survey-guidance-on-byod-personal-devices07032013.aspx

12. e-Safety & Mobile Devices
Enables new, pervasive
communication
Anonymity and access
Duty of care
Criminal offences

13. e-Security & Mobile Devices
BYOD
BYOVRD
LYOD
DP, liability,
breach of T&Cs

14. The college/employer legal
obligations
• Statutory obligations to comply with
various pieces of law
• Common law obligation of duty of care

15. Statutory Obligations
• Difficult to meet them if systems are not
technically up to date using latest standards
etc
• Data protection probably most risky area
• Help available on BYOD – ICO guidance

16. So where does college liability end?
1. It extends to all permitted
mobiles
2. Only to staff mobiles not
students’
3. Not our mobiles – not our
responsibility
4. It depends
5. In tears
0%
1
0%
0%
2
3
0%
0%
4
5

17. The employee legal obligations
• The employee ‘is’ the college
• Any personal liability?
• College needs to rely on its
employment contracts, behavioural
policies and disciplinary policies
• BYOD is about people, not devices

18. The student’s legal obligations
•
•
•
•
The student ‘is not’ the college but…
…accesses college licensed
materials, college personal data, e
safety, e-security
College needs to rely on its student
contract, behavioural policies and
disciplinary policies
Common law obligation of duty of care

19. The JISC Legal BYOD Toolkit –
what’s in it?

20. BYOD Toolkit (1 May 2013)
Jisc Legal has published a BYOD toolkit in response to the rise in learners and employees using their personal computing devices (typically
smart phones and tablets) in the work and learning environment.
The toolkit includes a variety of resources:
1.
Your Staff, Mobile Devices, Law and Liability
To some extent bring your own device (BYOD) is already happening in your institution. Staff are already using their mobile devices to access
their work emails, papers and documents from off campus. This paper focuses on the legal issues surrounding staff bringing their own devices.
2.
Your Students, Mobile Devices, Law and Liability
Students will increasingly expect that all information and services currently available from a university or college desktop will be available to them
via their mobile device. At the same time, institutions will want to ensure that systems and information are secure, and users adhere to policies on
access to systems. This paper focuses on the legal issues surrounding student mobile use.
3.
Risk, Liability and Mobile Devices
This paper provides a quick reference for managers as to the main legal risks which need to be assessed against your institution’s risk strategy
before opening your institution’s ICT system to mobile access by staff and students using their own devices.
4.
Bring Your Own Device Policy Template for Further Education
The BYOD Policy template is intended as a guide to help providers write an effective policy that states what their institution's approach is to the
use of personally owned devices by staff and learners.

21. New Guidance

22. FAQ: Can we seize and forensically analyse
a staff or student’s device in the case of
suspected misuse?
1. Yes our policy says we can
2. No- only the police can do this
under warrant
3. Maybe if the circumstances
are serious enough
4. I’m looking around to see
what option others are
pressing.
0%
1
0%
2
0%
3
0%
4

23. Policies
• BYOD
• DP AUP/student behaviour
• Staff procedures – dp, copyright,
safeguarding, e-safety…
• Disciplinary policies
• Publicise and enforce!

24. Enforcing your policies
• If want to rely on them, need to have
them in place!
• Need to be fair – consultation?
• Consistently enforced
• Very challenging in BYOD
• Use technology

25. Any Questions ?
http://jiscleg.al/BYODToolkit