An Evaluation of Data Protection and Privacy Issues Introduced by BYOD in Financial Institutions

Author

Andy Miguel Santana, Nova Southeastern UniversityFollow

Date of Award

2025

Document Type

Dissertation

Degree Name

Doctor of Philosophy Cybersecurity Management

Department

College of Computing and Engineering

Advisor

Ling Wang

Committee Member

Mary Harward

Committee Member

Junping Sun

Keywords

Computer engineering, information technology

Abstract

The idea of “bring your own device” (BYOD) allows organizational employees to conduct their tasks or processes on their own personal devices, has increased organizational efficiency significantly while allowing employees more flexibility. However, this approach also introduces major concerns about the security of organizational data as employees take their devices everywhere with them, opening more opportunities for unauthorized access to important data. Another major concern is the privacy of employee personal data. As many organizations implement BYOD, employees worry that with organizational monitoring and device management, their personal data is at risk as well. The problem this study tackles is the lack of effectiveness of policies within BYOD management tools and how these tools and security and privacy policies do not always fit an organization’s needs. This problem requires further research as prior research has demonstrated a lack of research availability regarding BYOD implementations specifically in financial institutions. The research is necessary due to the heightened implementation security risk, which eventually introduces data privacy and protection challenges/concerns. Prior research does not account for this risk as some institutions do not have the equal level of data constraints as a financial institution.

This study evaluates the data protection and privacy issues introduced by Bring Your Own Device (BYOD) practices in financial institutions, an area where sensitive data and regulatory compliance demands remain high. Using the Design Science Research (DSR) methodology, the research developed and implemented security and privacy policies within a BYOD management tool, with policies categorized into two domains: data protection and data privacy. Qualitative data was collected through expert interviews with certified cybersecurity professionals in the financial sector and further validated through a 90-day test implementation using a real-world BYOD management solution. The study identified key risks and gaps in existing BYOD practices and demonstrated that integrating tailored security and privacy policies significantly improved the confidentiality, integrity, and availability of institutional data while balancing employee privacy. The findings contribute a rigorously tested set of policy recommendations and implementation guidelines specifically for financial institutions aiming to adopt or improve BYOD practices without compromising compliance, user trust, or operational resilience.

NSUWorks Citation

Andy Miguel Santana. 2025. An Evaluation of Data Protection and Privacy Issues Introduced by BYOD in Financial Institutions. Doctoral dissertation. Nova Southeastern University. Retrieved from NSUWorks, College of Computing and Engineering. (1211)
https://nsuworks.nova.edu/gscis_etd/1211.