Bring your own device (BYOD) & customer data protection - Are you ready?

Nov 2014

Enterprise mobility through Bring-Your-Own-Device (BYOD) has been around for at least 3 years and there have been lots of lessons learnt in many organisations in relation to leakage and loss of customer data and sensitive information. In October 2014, the restriction of implementing BYOD for banks in Hong Kong was removed by the Hong Kong Monetary Authority (HKMA) through the issuance of an updated circular “Customer Data Protection” (first introduced in 2008). While this updated circular has tightened the enterprise-wide control requirements to protect the confidentiality of customer data, it includes new guidance over the implementation of BYOD, with reference to the control requirements specified in the paper entitled "Recommended Standards of Bring Your Own Devices for Work by Bank Staff in Hong Kong" issued by the Hong Kong Association of Banks (HKAB). As there are more compliance requirements to follow, is your bank ready to enjoy the business benefit brought by enterprise mobility and BYOD? Are you comfortable that you have adequate enterprise-wide controls over the protection of customer data to ensure compliance?