ISACA Journal Author Blog

The Growing Importance of User Privacy in BYOD

Published: 9/22/2014 3:34 PM | Category: Privacy
Ashwin Chaudhary, CISA, CISM, CGEIT, CRISC, CISSP, CPA, PMP
My recent Journal article addresses increasing concerns over user privacy due to the wide use of personal mobile devices in the workplace. Recent privacy violations faced by large organizations have brought the topic of privacy into the limelight. Privacy regulation has increased, with laws such as the US Health Insurance Portability and Accountability Act (HIPAA) and the US Health Information Technology for Economic and Clinical Health (HITECH), which focus on health-related privacy issues, and the US Children's Online Privacy Protection Act (COPPA) for the online privacy of children. Such efforts are initiated to bring about stringent privacy regulations; however, only strict enforcement of these regulations can ensure the law’s effectiveness.

With respect to bring your own device (BYOD), an enterprise’s focus is mainly on the corporate network and data security rather than user privacy. As a social responsibility, organizations also need to adopt user privacy audits and assurance programs to manage user privacy, as this protection is as important as protecting corporate security.

Regulations and compliance requirements that mandate annual certification are generally point-in-time, and some of them are based on self-assessment and self-certification, which may lead to cutting corners. Continuous independent assurance programs, such as Service Organization Control (SOC) 2 or SOC 3 Type 2, should be considered in corporate security planning.

Read Ashwin Chaudhary’s recent Journal article:
“Privacy Assurance for BYOD,” ISACA Journal, volume 5, 2014.

