Sign in Subscribe

BYOD & NZ Workplaces: concerns, illegal practices & what we can do

BYOD & NZ Workplaces: concerns, illegal practices & what we can do
Friends sharing images from their phones. Photo by Afif Ramdhasuma on Unsplash

Bring Your Own Device (BYOD) has evolved substantially with the use of AI over the last decade. And it's not just in education sectors - we're talking every workplace, worldwide. Some courageous freedom-fighting activists have opted-out of smartphone use altogether. I wish I could too! The dangers of AI surveillance and age-restriction policies have been well-documented, so it makes sense (for those who can) to avoid smartphone ownership altogether, or at least heavily restrict its use.

But I've been shocked to discover recently, despite the obvious and numerous disadvantages (e.g. psychological addictions, distractions, legal issues and security-risks) how many organisations - commercial, charitable and Governmental - not only allow personal devices in their workplaces, but actively encourage them.

BYOD - Some Context

The NZ Privacy Act (2020) is widely cited in workplaces as a reason to prevent personal data from being shared. Each workplace should have a 'Privacy Officer' who's responsibility it is to take all reasonable steps to adhere to the law. Confidential info about children, patients and students etc should always be secured, public trust in any entity needs to be maintained. However, just like the Protected Disclosures (Protection of Whistleblowers) Act (2022), we have seen (especially during the covid era) how these Human Rights laws are ignored, dismissed or the judicial system later decide they simply 'do not apply' to a certain 'emergency' situations. One recent example comes from NZDSOS where during the kangaroo-court hearings of two dissident doctors...

Many people attending were deeply uncomfortable with the use of patient names as various case files were presented [...] in evidence against them. Couldn’t they have used numbers, or initials instead? [...] the assembled crowds [...] were party to totally unnecessary breaches of the [patient's] rights to medical privacy. We think this ignoring of Medical Ethics 101 needs addressing urgently... Source

Urgent is the word. The situation in NZ is dire. In at least one healthcare entity I know of (which will remain unnamed to protect the innocent), the day-to-day activities of staff could not continue without management's reliance upon staff BYOD. Let me explain in three short case-studies what is happening, why the laws are meaningless, why I'm so concerned (as you should be too), and most importantly what the hell we can DO about this.

Inside a Pre-School

Commercial preschools are ubiquitous in New Zealand; the NZ Government allows 20 hours 'free' childcare at approved institutions, and many busy working grand/parents understandably take full advantage of this service. [BTW this funding ensured all NZ pre-schools 'toed the line' during the covid era - the funded hours are paid directly to the pre-school and never to the parents/guardians.] Some readers maybe surprised to learn that their kiddywinks at a Kiwi preschool are unlikely to have a qualified staff member caring directly for them. The Ministry of Education's requirements state that:

At least 50% of staff must hold a recognised Early Childhood Education (ECE) qualification (a practising certificate is not required). But the 50% requirement does not mean that 50% of the staff working with children must be ECE qualified. (Source)

You see, like many such NZ policies, the 50% rule is deliberately arbitrary; it relates to other factors like 'max capacity' of the preschool, and where and what age the children are at the time. It also counts staff who are 'currently studying' towards their qualification. Mmmm. In reality, up to 50 children could be overseen by just one qualified staff member, which is quite some weight to bear for that formally-defined 'person responsible'.

Why is this relevant to BYOD concerns? My point here is, that more than 4,000 NZ preschools employ thousands of unqualified (untrained?) p/t or temp staff, on minimum wage and/or zero-hours contracts, to care for babies and young children - often for long hours, everyday. Let me be clear - I'm not criticising those individuals, indeed I know some of them personally. They are all hard-working, warm-hearted individuals, who genuinely care about the children they are entrusted with, and the quality/reputation of the preschool where they work.

However. Many of these preschools rely on staff BYOD to record and market the 'wonderful experiences' the babies and children benefit from, whilst their parents are busy at work. You see, there are 'private' Facebook groups, WhatsApp, Instagram and other social media where members can share photos, videos and events. Even though we have the Privacy Act, on a practical level, it seems like there is little if any legal framework to protect children from the exploitation that is built into every modern smartphone. Facial recognition, for example, will be activated and enhanced for these youngsters for the rest of their life. Informed consent is assumed. As most of my readers will already know, just because a Facebook group is defined as 'private' doesn't necessarily mean that images uploaded to that group remain private. Data harvesting with AI surveillance and manipulation is constant and growing, as Meta's Privacy Policy summarised here explains:

0:00
/1:34

Very few (I'm guessing) ECE staff members know how to delete identifying data from images and documents on their devices, such as location or dates. Many have no valid password protection in place or security awareness. How many of those preschools have a 'person responsible' knowledgeable about MFA (Multi-Factor-Authorisation) and regularly auditing the personal devices of all their staff (e.g. to delete (risky) work-related photos)? As this clip from 'Keeper Security' points out, there are a number of risks from BYOD that typical Kiwi preschool management teams simply won't even be aware of, let alone be in a position to address:

This lack of awareness is a deliberate strategy from the globalists - our curricula are devoid of this knowledge base - at ECE teaching and every level. More on the issues raised in that short video in a moment. Meanwhile, let's look at two other case studies where BYOD is a cause for concern:

Caring for Patients & Vulnerable Adults

In a parallel situation to ECEs, adults with disabilities, whether physical or psychological (or both), often benefit from some 'free' hours of personal care from Government welfare funding, e.g. WINZ or ACC. This could be available in the person's home, or inside a community setting. Again, this funding is usually awarded directly to the service provider, not to the individual in need, or their family. Hence a large industry has grown in recent years, and entities have consolidated over time, operating as 'non-profits' but with $millions in 'non-current assets' and grant income (that is mainly salary outgoings). Again, being a sector with low-paid, often unqualified staff (working long hours/shifts) leaves patients vulnerable to exploitation, not only directly from BigTech on their own devices (e.g. gambling apps, violent games), but also through the devices of those who, paradoxically, are paid to protect them from harm.

Photo by Care Assure on Unsplash

One example of my concerns about BYOD, comes from a non-profit that has no BYOD policy, but does have a (contradictory) 'IT and Cyber Use' policy. Within it, on the one hand, staff are warned about the potential risks (like those set out in the Keeper Security clip above) of BYOD, but on the other, staff are encouraged to join a 'private' FB group to share 'heartening stories' of the disabled people in their care, for families to 'view and comment on'. In this particular example, it was unclear to me whether the skills of the designated 'administrator(s)' of this Fb group (with >600 members) had the time, motivation and complex up-to-date IT skills required to quickly assess privacy and security problems, identify potentially fraudulent members/content and what actions to take.

Clearly, this case-study raises multiple important questions, including legalities. My most pressing query is: did these individuals provide valid, voluntary, informed consent for their images and other personal details and experiences to be shared? Were they even cognitively capable of providing this? If they weren't capable, was this informed consent adequately explained to, and formally secured from, their advocate? What is the longer-term consequence of this information being shared, who has access to it, can download it, exploit it? How is confidentiality being protected and continually reviewed? For clarity, here is the excerpt from the (publicly available) generic legal contract with service providers funded by the Ministry of Health, stipulating the requirements of the Privacy Act:

But who is training these Privacy Officers and how is their role being monitored or audited? I now have more questions than answers. And closely related to this Government funded/contractual issue is the fact that many GP surgeries in NZ have BYOD where healthcare practitioners upload (intimate) photos of patients' conditions to apps that use AI diagnostic tools. This links to previous articles I have published about the MyHealth & MyIndici patient data Apps and is a massive rabbit hole - a topic I will return to separately. Stay tuned!

As I explained in my summary of the Behavioural Insights Team's MINDSPACE Report, 'Nudges' rely upon our good nature to be effective. Most people believe that personal data won't be taken advantage of, and of those who do, their response is naively "I've got nothing to hide anyway". What they may not realise is how this meta-data is continuously being harvested, and becomes a weapon not only for marketing/propaganda but also for wealthy impact investors. This is especially true of the highly-valuable data from children and vulnerable adults that I outline above, being exploited.

Doggie Daycare

Photo by Judy Beth Morris on Unsplash

In my final case-study example, I want to turn to a seemingly more light-hearted, but serious, localised way that BYOD could be posing risks to our personal security. Many people send their dog(s) to doggie daycare, to socialise, exercise and generally have fun away from home. Maybe you don't care much about your pups 'digital pawprint'? But BYOD at a doggie daycare could also lead to breaches of personal data, Each dog is unique and if your dog is easily identifiable, do you know who can access photos of your dog and your location? Is your dog's Facebook photo of fun and frolicking simultaneously declaring to a potential criminal that you're likely not at home? Do staff keep regular weekly routines of your pup-posts? Could these photos online and/or a (stolen/hacked) dog-trainer's BYOD become a valuable source of intel for burglaries targeting specific properties? It's worth thinking about, especially now economic downturn is here.

And finally...

The cybersecurity issue was front-of-mind for me this week, when one of the world's largest cloud-based Learning Management Systems (LMS), Canvas, revealed a major security breach, and bizarrely then signed a pact with the devil and came to an 'agreement' with the cybercriminals concerned (!) I always advise my students NEVER to use their personal log-in details (e.g. Gmail) to access any LMS including Canvas, but sadly, sometimes convenience wins over caution.

The blurring between personal, studying and professional identities is almost complete, and serves the globalists well in their successful achievement of Agenda 2030's Digital ID. Whether you're a user of a 'smart' phone at work or not, manager of a BYOD or not, I've summarised above a 'tip of the iceberg' list of concerns about informed consent, security risks and data harvesting in an era of ubiquitous AI use. I also know that NZ laws are utterly broken and abused.

So what can we do about this? Here's a list of 7 items (can you think of more?) to reflect on, discuss and investigate, depending on how this topic impacts you and your family:

Recommendations:

  1. Do YOU currently BYOD to work? Check your phone's contents and security settings asap. Delete any workplace files/docs that could be problematic. Get help from a professional if needed.
  2. Encourage family and friends to do the same.
  3. Is there a formal, up-to-date BYOD policy where you work/study/volunteer? If not, could one be created asap? NB Formal legal advice recommended!
  4. In other workplaces where you interact - whether commercial, public or a mix - what is their BYOD policy and how might it impact your privacy? For instance, does your GP use his/her own device to share your data on other platforms? ASK THEM!
  5. Identify a list of places where your family members (including pets) could be at risk of privacy breaches from BYOD at pre/school, college/university, caring in the community, clinics, vets or socialising.
  6. Engage those organisations in an authentic respectful conversation about BYOD, and where possible, reduce or eliminate staff use of private devices for work-related duties.
  7. Commit to learn more about - and raise awareness of, how BYOD is risky to all our futures.

Peaceful non-compliance can delay/stop the roll-out of intrusive AI and Digital ID. A simple phrase like "Oh sorry, I forgot my phone today!" could be all that's needed to chip away at that cognitive dissonance. Just say NO!