Wearable Tech and the data protection problem


Earlier this year, the Information Commissioner’s Office (ICO) published a blog highlighting how easy it is to collect personal data using wearable technology. This was one of the first times the ICO had clarified its position on wearable technology, using the post to reinforce the fact that as soon as personal data is used for business purposes it becomes subject to the Data Protection Act 1998.

While wearable technology may not yet be ready for the work environment, the ICO’s announcement reminds us just how much personal data is collected by companies, and that any data which can identify an individual counts as ‘personal’. This means that under the Data Protection Act 1998, organisations that hold personal data face the prospect of a fine of up to £500,000 from the ICO if they lose data or it ends up in the public domain.

But what does this mean for the channel? For a start, it highlights just how many businesses now fall under the remit of the Data Protection Act. We’re in a situation where more employees than ever can access data through a range of mobile devices including tablets, laptops, smartphones and even wearable technology. This rise in mobility increases the chances of these devices being lost and a data breach occurring.

However, the proliferation of devices and data means that many existing device management strategies simply aren’t capable of coping with the governance, risk and compliance (GRC) landscape that they’re now faced with. But for a lot of businesses, this isn’t something that has been addressed, let alone thought about.

This is where resellers and VARs have a fantastic opportunity to act as trusted advisors to their customers to help them navigate the minefield of GRC, providing them with the right solutions and insights. There are three parts to an effective GRC strategy – policy, education and technology – and this is something resellers should feel comfortable discussing with customers.

The policy is the company’s stance on what is and what isn’t acceptable when using and accessing corporate data. This policy has to be clear and accessible, and while it should be written by a legal expert, it needs to be understood by everyone it relates to.

Employees need to receive tailored GRC training that relates to their role and the wider organisation – it can’t just be an off-the-peg training course. However, the most important aspect of a GRC strategy, and the element which underpins everything else, is the technology used to protect mobile devices and the data they contain.

The difficulty businesses face is that many data protection and mobile device management solutions are tailored for specific devices. When a new type of device is added to the corporate network, the existing solution can’t provide the necessary data protection, because it focuses on the device rather than the user.

A user-centric solution means that even when new types of devices are added to the corporate network, they’re protected against data loss. We work with a number of vendors, such as Absolute Software and its Computrace solution, to provide our resellers with technology that can support the full range of corporate devices.

Having the right type of data protection solution in place ensures firms are protected against potential GRC breaches. For example, it means that in the event of a lost device, you can lock it down so that data cannot be accessed through it, and even prove to the ICO that there hasn’t been a breach. It also means you have much more control over what users can and can’t do with their devices, heading off data breach incidents before they happen.

Resellers and VARs have an excellent opportunity here to help their customers overcome their GRC challenges. Often, businesses won’t realise the problems they are potentially facing as a result of their existing BYOD strategies. The key for the channel is to be able to demonstrate the risks to their customers, and to then be able to walk them through how they can safeguard themselves. The opportunity for resellers that do this is around offering and implementing a data protection solution. It’s a chance to offer an additional solution alongside any wider IT deployments that you’re working on with your customers, ensuring an additional revenue stream. It’s also a technology that becomes increasingly relevant as more and more stories about data loss and ICO fines hit the headlines.

However, the question resellers need to ask themselves is whether they’ve got the understanding and solutions necessary to take advantage of these opportunities. It’s only by having the right expertise and technology that resellers are able to give their customers the support they’re looking for around GRC.

Duncan Forsyth is UK and Ireland MD at Westcoast