Bring Your Own Device (BYOD) Policy

Version: 1.0 (March 2022)

Staff and Pupils

  1. The purpose of this policy is to ensure so far as possible that personally-owned devices used by members of staff and pupils are used in a manner which protects client confidentiality, personal data and the confidentiality of chambers communications.  This policy supplements the chambers IT.
  2. All members of staff and pupils should be made aware, whether through IT policies or employment contracts, that chambers reserve the right to access personally-owned devices for the purpose of ensuring the effectiveness of this policy, in the event of termination of employment or the pupillage or if it is suspected that there has been a breach of this policy or the chambers IT.
  3. With the approval of Ryan Thompson, members of staff may use personally-owned computers, smartphones and tablet computers (“approved devices”) for purposes related to chambers.
  4. With the approval of Ryan Thompson, pupils may use personally-owned computers, smartphones and tablet computers (“approved devices”) for purposes related to their work.]
  5. Approved devices must be secured by a password or a biometric access control (e.g. fingerprint scanner or facial recognition).  Passwords should be sufficiently memorable that the user can avoid writing them down, but not obvious or easily guessed.  Long passwords are best, as a short password can be cracked more easily by hacking software.  A combination of three words, using a mixture of upper case and lowercase characters and at least one numeral may be easiest to remember.  Default passwords (e.g. ‘1234’, ‘admin’) should always be changed.  The same password must not be used for all devices, services and websites.  Passwords must be changed if a password is disclosed to another person or discovered, and in any event every six months.
  6. Approved devices must be configured so that they are automatically locked after being left idle for a set time of no more than 5 minutes in the case of mobile devices and 10 minutes in the case of desktop.
  7. Approved devices must be encrypted in a manner approved by Ryan Thompson.
  8. Care must be taken to avoid using approved devices in a manner which could pose a risk to confidentiality, whether by clicking on links in suspicious emails, accessing potentially harmful websites, using potentially harmful application software, using wi-fi facilities in public places (e.g. coffee shops or airports), or otherwise.  Some apps may be capable of accessing sensitive information. Software which is not used should be removed from approved.
  9. In the event that an approved device is lost or stolen, or is suspected of having been lost or stolen, Ryan Thompson must be informed as soon as possible so that such steps as may be appropriate may be taken to delete from the device the chambers email account and other data belonging to chambers or its clients, and to report the loss of the device.
  10. Passwords to approved devices must be kept confidential and must not be shared with family members or third parties.
  11. Approved devices must not be used by family members or other persons unless either:
    1. the device has been configured for separate logins to ensure restricted access to files, or
    2. the member of staff [or pupil] uses the device for work using only chambers remote access.
  12. Approved anti-virus software must be used on approved computers and must be kept up to date.  The latest security updates to the operating system and browser software must be routinely installed on approved computers (this does not require the installation of an entirely new version of the operating system).
  13. Home Wi-Fi networks must be encrypted. Caution must be exercised when using public Wi-Fi networks as public Wi-Fi networks may not be secure.
  14. Except in the case of an emergency, members of staff and pupils may not copy data from approved devices to other personally-owned devices.  The data must be securely deleted when the emergency has passed.
  15. Appropriate cloud storage services may be used with the permission of Ryan Thompson.  Services which do not encrypt data before the data is uploaded will not be approved.
  16. If an approved device needs to be repaired, appropriate steps must be taken to ensure that confidential information cannot be seen or copied by the For this reason, the arrangements for repair must be made through chambers.
  17. In the event that an approved device needs to be disposed of, confidential material must be destroyed or wiped using a recognised method to put the data beyond recovery, to the satisfaction of Ryan Thompson.  Merely deleting the files, single-pass overwriting, or reformatting the disk is Physical destruction or the use of specialist deletion and overwriting software is necessary.
  18. In the event of a member of staff or pupil leaving chambers, appropriate steps must be taken to the satisfaction of Ryan Thompson to remove the chambers   email account and other data belonging to chambers, Members of chambers or their clients from approved devices and cloud storage services used by that member of staff or pupil.

Portfolio Builder

Select the legal expertise that you would like to download or add to the portfolio

Download    Add to portfolio   
Portfolio
Title Type CV Email

Remove All

Download


Click here to share this shortlist.
(It will expire after 30 days.)