
PARIMA Zoom Conference – BYOD – How Dangerous Is This?


BYOD – A practical solution or risk too far – PARIMA Zoom Conference

This PARIMA Zoom Conference was reported on by our website consultant contractor.  The conference occurred at 3 AM Eastern Time.


PARIMA is an international risk management organization. They invited us to sit in and report on the webinar. PARIMA has been very accommodating to us over the last four years. Check out their website here.

The PARIMA Zoom conference from last month can be found here.

BYOD speakers:

Gerallt Owen – Managing Director – Kroll

Jenny Zhuang – Of Counsel – Dentons Hong Kong

Bryan Tan – Partner – Pinsent Masons

Steve Tunstall – Director, Group Head of Compliance and Risk – Wadzpay.com

PARIMA Zoom Conference – What is BYOD?

Bring your own devices (“BYOD”) is an organizational policy that allows employees to use their own electronic devices to access the organization’s information, including personal data collected by the organization.

BYOD – Guidance from the PCPD – Speaker: Gerallt Owen

Saying: “When Pandemic hits, people get READY”.

In August 2016, the Privacy Commissioner for Personal Data, Hong Kong, issued BYOD guidance:

“It is important to realize that even though the personal data is stored on a device owned by the employee, the organization remains fully responsible for compliance with the Personal Data (Privacy) Ordinance (the “Ordinance”) in respect of this personal data.

Organizations should therefore establish administrative, physical, and technical measures to ensure that such personal data is protected and reinforce these measures through written policies, notifications, and training.”

PARIMA Zoom Conference – Understanding the Key BYOD risks

Understand your organization is.

MALWARE

  • Open-source applications with low security standards
  • Potential Malware on a USB drive

LEGAL/REGULATORY

  • Data breach
  • Contractual Breaches
  • Regulatory investigations
  • Litigation

DATA THEFT

  • Weak security configuration
  • Theft of Intellectual Property
  • IT security data

DATA LOSS

  • User-initiated data loss
  • Higher Potential for accidental data loss
  • The leak of Sensitive information

SHADOW IT

  • Unsanctioned BYOD devices
  • Lack of Security
  • Unapproved software

EMPLOYEE TRAINING

  • Training needs to be relevant to the BYOD
  • Training on BYOD policy

LOSS OF CONTROL

  • Lack of monitoring
  • Lack of control and visibility on other software added to the device
  • User sharing devices or passwords with others

LOST/STOLEN DEVICES

  • Part exchanged devices
  • Ability to wipe devices remotely
  • Personal and Business data loss

 

BYOD and the Employment Relationship – Speaker: Jenny Zhuang

  • Why is it important to have a BYOD policy?
  • How do you police or enforce such a policy?
  • Can an employer fire an employee for his/her failure to comply with the BYOD policy?
  • What happens when an employee leaves the organization?

What should a BYOD policy contain?

  • A clear statement as to whether it will be incorporated into the employment contract
  • Employer’s written consent required for using personal devices for work
  • Activities allowed vs activities not allowed
  • Minimum hardware and software requirements
  • Clearly state employer’s right to access/inspect, delete, or demand return or destruction of company data
  • Consequences of non-compliance
  • Intellectual property rights
  • Emphasize employee’s duty to comply with data privacy laws
  • Disclaimer of employer liability
  • Assertion of employer’s legal right to seek indemnity or contribution
  • Cross-reference to other existing policies such as general IT policy, cyber security policy, social media policy, anti-discrimination/anti-harassment/anti-bullying policy
  • Contain an acknowledgment form that the employees should sign and return to the employer

BYOD according to the Personal Data Protection Commission – Speaker: Bryan Tan

Guide to Securing Personal Data in Electronic Medium

Security measures taken to protect portable computing devices should apply whether the devices are issued by organizations or owned by employees (e.g. Bring Your Own Device or BYOD).

Advisories on Collection of Personal Data for Covid-19 Contact Tracing and Use of SafeEntry

If you are permitting employees to install and run organization-supplied apps on their own personal devices, you should: Implement BYOD policies to govern the installation and use of organization-supplied apps on employees’ personal devices.

PDPA 2020 amendments – Enforcement (not in force until at least 1 Feb 2022)

Financial penalty cap – higher of 10% annual Singapore turnover or S$1M

BYOD – Mandatory Breach Notification – (in force)

  • “data breach”, in relation to personal data, means –
      (a) the unauthorized access, collection, use, disclosure, copying, modification or disposal of personal data; or
      (b) the loss of any storage medium or device on which personal data is stored in circumstances where the unauthorized access, collection, use, disclosure, copying, modification or disposal of the personal data is likely to occur.
  • s26C – where an organization has reason to believe that a data breach has occurred affecting personal data in its possession or under its control, the organization must conduct, in a reasonable and expeditious manner, an assessment of whether the data breach is a notifiable data breach.

PARIMA Zoom Conference BYOD – Legal and Regulatory considerations

  • Data Breach – do you need to report, what do you report, what are the consequences?
  • Investigations – how do you respond to production orders for BYOD equipment? How do you conduct a litigation hold or legal hold? Over-collection? Under-collection? What if BYOD has been disposed of? What if the employee has left?

PARIMA Zoom Conference – Question

Steve Tunstall’s question: “How will Risk Managers handle BYOD?”

Bryan Tan responded, “remote test Protocol and insurance premium.”

This was a great webinar.  When the next PARIMA Zoom conference occurs, we will post it in the articles.

 

©J&L Risk Management Inc Copyright Notice


James J Moore - Workers Comp Expert
