Mobile Device Management
Introduction
Dentex provides a range of cloud-based services, including email & file storage, for the use by our employees across the group. As our users often deal with personally identifying information, we need to balance functionality with the risk of unintended or unauthorised information disclosure.
Our employees widely use their own mobile phones to communicate via email, and this document explains the approach Dentex takes to managing company information on personal devices.
With recent changes in data protection legislation, it is necessary for Dentex to take steps to ensure that personally identifying information is adequately protected.
Our commitment to You
Dentex takes your privacy very seriously and we commit to only use information collected from your device for the correct operation of our systems. We recognise and respect your privacy and will limit the scope of the collected information to that which is required to protect confidential data of our business.
What are the risks?
With the introduction of the General Data Protection Regulation (GDPR) and the Data Protection Act (2018), companies need to ensure that personal data is processed appropriately and protected from unauthorised disclosure. This is especially so where it involves the transmission of special category data, such as treatment plans or patient health information. The law provides for harsh penalties for non-compliance.
As our business involves exchanging not just personal data, but health data as well, we need to ensure that this is only stored on devices that are verifiably secure. We also need to be able to demonstrate that we have taken appropriate measures and steps to protect the data, and that we have strategies to deal with events such as loss or theft.
To do this, we make use of a technology called Mobile Device Management. This manifest itself on your device as an app called ‘Company Portal’.
What does the Company Portal do?
Company Portal is an app from Microsoft that is provided as part of their Mobile Device Management solution. It allows us to ensure that a mobile device meets a certain criterion of security before it will be permitted to download any company information. This means that we know that your phone or tablet supports encryption, password protected access, and that we have the facility to remove the company data from the device if required.
What information does it disclose to Dentex?
For the Company Portal app to function, there is a certain level of information that we will collect from your phone or tablet:
- Device manufacturer and model (e.g. Google Pixel XL)
- Operating system and version (e.g. iOS 12.2.0)
- Device owner
- Device name
- Device serial number
- Device IMEI (the unique code that identifies your phone)
- The last four digits of your device phone number
This information is only available to members of the Dentex IT team and is only used in carrying out duties consistent with Dentex policy and procedures.
What does it not disclose?
Dentex does not have access to the following information:
- Calling and web browsing history
- Personal email and text messages
- Any information about apps you have installed or their contents
- Contacts
- Calendar
- Passwords
- Pictures, including what’s in the Photos app or camera roll
- Files
- Your current location or location history
What options do you set on my device?
In order to protect the company information, we enforce the following policies on your device:
- The use of a password to lock your device (minimum 4 characters)
- The device will automatically lock after 5 minutes of inactivity
- Encryption is enabled
- Company email is only available via Microsoft Outlook
- Jail broken devices are not permitted
If your device is unable to meet these requirements, you will not be able to install the Company Portal, which will prevent your access to Dentex email and other services.
What services require Mobile Device Management?
The following services require enrolling your device into Mobile Device Management:
- Microsoft Teams
- Microsoft Yammer
- Microsoft Power Automate
- Microsoft Forms
I don’t want to install Company Portal on my personal device
We are committed to respecting your privacy, but we must balance this with protecting the privacy of our patients and the confidentiality of our company data. If you don’t want to install the company information management solution on your mobile device, you will unfortunately not be able to access the full range of online services based on Microsoft 365 provided by Dentex.
If accessing these services via your mobile device is required for your job, you should discuss this with your manager.
The following services are available to access without Mobile Device Management:
- Email (via Outlook app or mobile Edge browser only)
- The Hub (via mobile Edge browser only)
If you'd like information on how to get access to your email, we have the follow guides available:
In summary
Dentex makes use of mobile device management technologies to facilitate our compliance with best practice for managing personal data within our systems. When you connect your personal mobile device to our systems, you understand that we will:
- Collect information required for the technological measures to function correctly (device make, model, name, owner, operating system, serial number, IMEI, and the last 4 digits of your number)
- Enforce a small set of policies to reduce the likelihood of unauthorised disclosure of company data (requiring encryption, passwords, idle timeouts)
If you do not wish to consent to this, you do not have to. However, you will be unable to access some Dentex systems from your mobile device.
Questions
If have any questions about mobile device management, please don’t hesitate to get in touch:
Alternatively, if you would like to go ahead and install the company portal please click here