General Data Protection Regulations and the Police
Many of you will be familiar with the increasing volume of discussion being held in businesses around the General Data Protection Regulations (GDPR) due to come into force next year. How does this affect the use of mobile devices for the Police Force?
What you may not be aware of is that policing has a special version of these regulations: the snappily entitled “DIRECTIVE (EU) 2016/680 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data.”
There has been a huge surge in demand for officers to have mobile access to critical, core policing applications. Benefits include the ability to access and submit information without the lengthy process of calling through to the station, along with immediate access to real-time information that could be shared across forces. Reductions in administrative costs create an additional compelling reason to invest in this technology.
What about the issues of mobile device use for the Police?
Keeping Data Secure
Data security has always been a top priority – no matter the method of access. In a mobile world, there will be substantial effort and cost incurred to keep data secure.
You only have to look at the results being posted by the MDM (Mobile Device Management) and/or EMM (Enterprise Mobility Management) vendors to see the dramatic upsurge in activity in these sectors. There is now another compelling reason why you should be looking carefully at how you are responding, or planning to respond, to such demands for mobile access.
Compliance with EU Directive 2016/680
Compliance with EU Directive 2016/680 is now not only embedded in EU law but, regardless of Brexit or Breturn, also embedded in UK law. It is due to come into effect as early as 6th May 2018.
We can all remember stories, some apocryphal but many true, of critical data being lost due to laptops and mobiles being stolen or left in the back of a taxi! Whilst historically these losses could be considered just embarrassing, in future these could become potentially disastrous to police budgets!
Data security breach would result in substantial penalty
There are some pretty punitive articles in the legislation: Article 55, which establishes the right of the data subject (i.e. a suspect or witness whose data security has been breached) to seek compensation, and Article 56, which provides for fines being established for failure to comply with the requirements to be “effective, proportionate and dissuasive” – this last suggesting that they could be substantial amounts!
There could be an argument that allowing officers to have and store Personally Identifiable Information (PII) on their mobile device is a violation of the basic principles related to data security (Article 20). Almost by definition, putting PII data on a mobile device increases the risk of data loss.
Unfortunately, the ramifications of this Directive affect not only the use of the mobile device but also the rights of data subjects to be notified of any personal data breach under Article 31.
How will you provide a suitably robust breach reporting system when the data lost is not maintained centrally but stored on the device? In the example of device loss referred to above, how and who will you need to contact?
Bringing order to this potentially chaotic situation
If the challenge is how to adequately protect the PII data whilst in transit to the device then you should consider an adequate method of encryption for the data. There is a wide variety of encryption methods available so selecting one may not be straightforward but, in the main, “any encryption is better than no encryption”!
Encryption secures the data in transit. How do you secure the data on the device?
This is where all those complex and expensive MDM/EMM solutions come into play. You now need to think about how to secure this stored data in such a way that it cannot be accessed incorrectly. Imagine triple locking yourself in an office every time you want to use your desktop/laptop and you’ll get some idea of the restrictions necessary. Add to that the cost of having someone come and lock you in!
Surely there must be a better way?
Avoid all of these risks by not having any data stored on the device. That way you won’t run the risk of losing something which isn’t there in the first place nor will you have to spend huge amounts of money trying to protect something which shouldn’t be there anyway!
- How can mobile access be provided to these most critical systems and data without having any data stored on the device?
- How will that enable my mobile officers to continue to work on the move?
- What about all these expensive point-specific mobile app solutions which everyone is telling me we’ll need to develop?
Enterprise Applications Mobility Layer – between device and data
An Enterprise Applications Mobility Layer (EnAML):
- Connects the device in your hand to the enterprise platform.
- Uses existing gateway connections or incorporates VPN connections if required.
- Translates, on demand, the content from your server to a format that can be viewed and interacted with on the mobile device.
- Securely views and interacts with all your content.
- EnAML can interact even if the server was not previously compatible with the device – it is now.
- No data is ever stored on the device. Also, the interaction with the server is completely secure and compliant with any Data Protection/Data Compliance requirements.
This approach keeps your data, including your PII data, secure. The data never leaves your servers and is never stored on the mobile device. The technology also brings with it a series of user-productivity enhancements which will transform the way officers are able to work with mobile devices. These include custom keyboards, user-selectable gestures and voice-activated data capture to legacy applications from any device. EnAML is dramatically less expensive to implement than MDM/EMM/Mobile App Development solutions.
It is a unique approach to ensuring that mobile police officers can work productively with even the most critical applications and data whilst remaining fully data secure. All enterprise applications are accessible on their device via one single app instead of a myriad of differing point-specific mobile apps from disparate applications vendors.
EnAML is clearly a better way to bring mobility to officers without compromising security or compliance.