• Home

  • Documents

  • CNIL Adopts New Rules on Service Quality Monitoring and BYOD
2
1 CNIL Adopts New Rules on Service Quality Monitoring and BYOD The French data Protection Authority (hereafter: “CNIL”) recently released two documents reinforcing employees’ rights to privacy in relation to (i) the recording of telephone conversations with customers, and (ii) the use of personal device for work purposes, the so-called Bring Your Own Device (hereafter: “BYOD”). In a Decision No 2014-474 of November 27, 2014, the CNIL issued a Simplified Norm in which it simplifies the registration requirements for the recording and use of telephone conversations between employees and customers, while ensuring employee’s rights as follows: (i) The recording may not be permanent or systematic, including for evidentiary purposes. (ii) The purposes of the recording must be limited to employee training, employee evaluation and improvement of customer service. (iii) Employees must be provided with a notice that describes the purposes of the processing, the categories of data processed, the recipients of the data, individuals’ access rights and whether international data transfers take place. (iv) Customers must be informed about their right to object before the end of the data collection. (v) Companies may register their processing through a declaration of conformity by which they declare that they comply with the Simplified Norm. Where companies exceed the requirements of the Simplified Norm or process sensitive data, they will need to file a normal declaration. On February 19, 2015, the CNIL released short guidance for the use of BYOD. Although the guidance is not binding, it represents the CNIL’s current view. The guidance clarifies that BYOD may not replace a professional device as employers must provide their employees with the means necessary to perform their work. Companies are advised to draft a specific security policy for the use of BYOD including provisions on: (i) Identification of the part of the personal device that will be used for professional purposes and creation of a corresponding “security bubble”. (ii) Authentication measures for the control of distant access (electronic certificate or chip card). (iii) Encryption of information flows (VPN, HTTPS). (iv) Procedure for a security failure, including information of network administrator, provision of alternative device, and distant deletion of the professional data.

CNIL Adopts New Rules on Service Quality Monitoring and BYOD

Embed Size (px)

Citation preview

Page 1: CNIL Adopts New Rules on Service Quality Monitoring and BYOD

1

CNIL Adopts New Rules on Service Quality Monitoring and BYOD

The French data Protection Authority (hereafter: “CNIL”) recently released two documents

reinforcing employees’ rights to privacy in relation to (i) the recording of telephone conversations

with customers, and (ii) the use of personal device for work purposes, the so-called Bring Your

Own Device (hereafter: “BYOD”).

In a Decision No 2014-474 of November 27, 2014, the CNIL issued a Simplified Norm in which

it simplifies the registration requirements for the recording and use of telephone conversations

between employees and customers, while ensuring employee’s rights as follows:

(i) The recording may not be permanent or systematic, including for evidentiary purposes.

(ii) The purposes of the recording must be limited to employee training, employee evaluation

and improvement of customer service.

(iii) Employees must be provided with a notice that describes the purposes of the processing, the

categories of data processed, the recipients of the data, individuals’ access rights and whether

international data transfers take place.

(iv) Customers must be informed about their right to object before the end of the data

collection.

(v) Companies may register their processing through a declaration of conformity by which they

declare that they comply with the Simplified Norm. Where companies exceed the

requirements of the Simplified Norm or process sensitive data, they will need to file a

normal declaration.

On February 19, 2015, the CNIL released short guidance for the use of BYOD. Although the

guidance is not binding, it represents the CNIL’s current view. The guidance clarifies that BYOD

may not replace a professional device as employers must provide their employees with the means

necessary to perform their work.

Companies are advised to draft a specific security policy for the use of BYOD including

provisions on:

(i) Identification of the part of the personal device that will be used for professional purposes

and creation of a corresponding “security bubble”.

(ii) Authentication measures for the control of distant access (electronic certificate or chip card).

(iii) Encryption of information flows (VPN, HTTPS).

(iv) Procedure for a security failure, including information of network administrator, provision of

alternative device, and distant deletion of the professional data.

Page 2: CNIL Adopts New Rules on Service Quality Monitoring and BYOD

2

(v) Advanced security measures such as terminal locking with strong password and up-to-date

antivirus protection.

(vi) Guarantees that the security measures may not prevent employees from using the device for

personal purposes and that employers may not access the private information.

Finally, please note that companies do not need to register the use of BYOD separately from

their general processing for HR management.

The Decision on service quality monitoring is available (in French) at:

http://www.cnil.fr/documentation/deliberations/deliberation/delib/326/

The guidance for the use of BYOD is available (in French) at:

http://www.cnil.fr/documentation/fiches-pratiques/fiche/article/byod-quelles-sont-les-bonnes-

pratiques/

Written by:

Jan Dhont

[email protected]

+32 2 239 20 08

Delphine Charlot

[email protected]

+32 2 239 20 06

http://www.cnil.fr/documentation/deliberations/deliberation/delib/326/
http://www.cnil.fr/documentation/fiches-pratiques/fiche/article/byod-quelles-sont-les-bonnes-pratiques/
http://www.cnil.fr/documentation/fiches-pratiques/fiche/article/byod-quelles-sont-les-bonnes-pratiques/
mailto:[email protected]
mailto:[email protected]

Harmon.ie BYOD

Harmon.ie BYOD

Software
CISCO BYOD

CISCO BYOD

Documents
BYOD (Bring Your Own Device) - Meetupfiles.meetup.com/1698110/BYOD Slides MMv5.pdf · BYOD (Bring Your Own Device) Randy Gower – Good Technology Today’s Agenda BYOD Trends, Challenges

BYOD (Bring Your Own Device) - Meetupfiles.meetup.com/1698110/BYOD Slides MMv5.pdf · BYOD (Bring Your Own Device) Randy Gower – Good Technology Today’s Agenda BYOD Trends, Challenges

Documents
Managing BYOD Risk: Staying ahead of your mobile workforce · BYOD key business issues Information Security Forum • Managing BYOD Risk Managing BYOD Risk • Information Security

Managing BYOD Risk: Staying ahead of your mobile workforce · BYOD key business issues Information Security Forum • Managing BYOD Risk Managing BYOD Risk • Information Security

Documents
Google Answers CNIL

Google Answers CNIL

Documents
BYOD & Mobile Security Report - crowdresearchpartners.com · BYOD & MOBILE SECURITY SPOTLIGHT REPORT TABLE OF CONTENTS Introduction Key Survey Findings BYOD ADOPTION BYOD Drivers

BYOD & Mobile Security Report - crowdresearchpartners.com · BYOD & MOBILE SECURITY SPOTLIGHT REPORT TABLE OF CONTENTS Introduction Key Survey Findings BYOD ADOPTION BYOD Drivers

Documents
Benchmarking GDPR preparedness€¦ · (Art. 30 GDPR; e.g. CNIL and Belgian DPA) CNIL and BE DPA • Do EU-Model Clauses (Processors 2010) need amendment to meet Article 28 GDPR?

Benchmarking GDPR preparedness€¦ · (Art. 30 GDPR; e.g. CNIL and Belgian DPA) CNIL and BE DPA • Do EU-Model Clauses (Processors 2010) need amendment to meet Article 28 GDPR?

Documents
VMwareAirWatchBringYourOwnDevice (BYOD) andPrivacyGuide AirWatch BYOD... · BYOD solution.TodownloadtheBYOD AdoptionCampaignKit,visit. SupportedPlatformsforBYOD Deployments

VMwareAirWatchBringYourOwnDevice (BYOD) andPrivacyGuide AirWatch BYOD... · BYOD solution.TodownloadtheBYOD AdoptionCampaignKit,visit. SupportedPlatformsforBYOD Deployments

Documents
BYOD @uninett2013

BYOD @uninett2013

Technology
BeYOnD BYOD

BeYOnD BYOD

Business
The CNIL in a nutshell 2019 · THE CNIL IN A NUTSHELL FUNCTIONING PLENARY SESSIONS The members of the CNIL hold a plenary session once a week according to an agenda set by the Chair

The CNIL in a nutshell 2019 · THE CNIL IN A NUTSHELL FUNCTIONING PLENARY SESSIONS The members of the CNIL hold a plenary session once a week according to an agenda set by the Chair

Documents
Cnil Release and Letter to Google

Cnil Release and Letter to Google

Documents
BYOD & BYOT

BYOD & BYOT

Documents
BYOD / BYOT

BYOD / BYOT

Documents
BYOD Guide Created using iThoughts [...] [...]. BYOD Guide

BYOD Guide Created using iThoughts [...] [...]. BYOD Guide

Documents
BYOD - Employees Want BYOD? What you should know first

BYOD - Employees Want BYOD? What you should know first

Technology
Going BYOD

Going BYOD

Documents
Justice predictive - CNIL Justice_predictive Created Date 1/25/2017 11:04:33 AM

Justice predictive - CNIL Justice_predictive Created Date 1/25/2017 11:04:33 AM

Documents
Byod infographic

Byod infographic

Documents
The Mobilitics Inria-CNIL project: privacy and smartphones · The Mobilitics Inria-CNIL project: privacy and smartphones ... The Mobilitics Inria-CNIL project: privacy and smartphones

The Mobilitics Inria-CNIL project: privacy and smartphones · The Mobilitics Inria-CNIL project: privacy and smartphones ... The Mobilitics Inria-CNIL project: privacy and smartphones

Documents
BYOD or not to BYOD

BYOD or not to BYOD

Business
BYOD 3600 PLANNING - accudatatest.businesscatalyst.comaccudatatest.businesscatalyst.com/assets/byod-360-degree-planning.pdfLaying the foundation for BYOD, virtual desktops centralize

BYOD 3600 PLANNING - accudatatest.businesscatalyst.comaccudatatest.businesscatalyst.com/assets/byod-360-degree-planning.pdfLaying the foundation for BYOD, virtual desktops centralize

Documents
Notoriété et attentes vis-à-vis des algorithmes - CNIL · 2017-01-17 · Notoriété et attentes vis-à-vis des algorithmes Janvier 2017 Sondage Ifop pour la CNIL. Connection creates

Notoriété et attentes vis-à-vis des algorithmes - CNIL · 2017-01-17 · Notoriété et attentes vis-à-vis des algorithmes Janvier 2017 Sondage Ifop pour la CNIL. Connection creates

Documents
Byod presentation

Byod presentation

Education
CNIL€¦ · Created Date: 10/31/2018 5:41:44 PM

CNIL€¦ · Created Date: 10/31/2018 5:41:44 PM

Documents
BYOD @ ISC 2016 Parent Information Session. What is BYOD? BYOD means Bring Your Own Device

BYOD @ ISC 2016 Parent Information Session. What is BYOD? BYOD means Bring Your Own Device

Documents
SCOPE - CNIL

SCOPE - CNIL

Documents
CNIL | - N°06 › sites › default › files › atoms › files › cnil...Le design avait permis, à l’ère industrielle, de mettre le progrès technique au service de tous,

CNIL | - N°06 › sites › default › files › atoms › files › cnil...Le design avait permis, à l’ère industrielle, de mettre le progrès technique au service de tous,

Documents
Classroom Management with BYOD. BYOD in the 21st Century

Classroom Management with BYOD. BYOD in the 21st Century

Documents
Wildcatters PJHW January, 2013. What is BYOD? BYOD VIDEO

Wildcatters PJHW January, 2013. What is BYOD? BYOD VIDEO

Documents