Privacy Commissioners Issue Guidance for BYOD Programs

In August 2015, the Privacy Commissioners of Canada, Alberta and British Columbia issued guidelines titled “Is a bring your own device (BYOD) program the right choice for your organization?” to assist organizations to determine whether and how to implement a BYOD program that effectively protects the organization’s information and respects the privacy rights of employees and customers.

The Guidelines remind that Canadian personal information protection laws require an organization to safeguard personal information in the organization’s custody or control from risks such as unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction. The Guidelines also remind that an organization is accountable for personal information collected, used or disclosed by the organization’s personnel using BYOD devices. The Guidelines include recommendations for developing and implementing a BYOD program, and caution that a BYOD program might not be the right solution for an organization.

BYOD programs can provide benefits, but they can also present significant business and legal risks. An organization can manage and mitigate those risks by designing and implementing a BYOD program that is suitable for the organization and its particular circumstances.

Read more here.

Data Incident Notification Obligations

Guidance for Corporate Directors