In the world of data protection, BYOD stands for “bring your own device” where employees (and others) use their own tablets or mobile telephones to access corporate networks. The Information Commissioner’s Office has already published some useful guidance for businesses which is supported by a recent working paper published by the International Working Group on Data Protection in Telecommunications. The paper highlights the difficult balance between safeguarding corporate data and the individual user’s privacy and goes on to set out some of the risks associated with BYOD which include devices accessing potentially less secure communications networks and being more susceptible to external attacks, practical difficulties with enforcing corporate security procedures, use of the device by family/friends and unexpected or unauthorised use of cloud services. Businesses which allow access to their systems via personal devices must get to grips with the law and put in place procedures to ensure their data, and reputation, is protected.