ISM-0866: ASD Information Security Manual (ISM)

Ensure Privacy While Viewing Data in Public

Don't look at sensitive data on mobile devices in public unless you can shield your screen from others.


Plain language

When you're looking at sensitive information on your smartphone or tablet in public, other people might be able to see what's on your screen. This can lead to your private or important company information getting into the wrong hands, which can cause all sorts of trouble like identity theft or company secrets being leaked.

Framework

ASD Information Security Manual (ISM)

Control effect

Preventative

Classifications

NC, OS, P, S, TS

ISM last updated

Feb 2025

Control Stack last updated

19 Mar 2026

E8 maturity levels

N/A

Official control statement

Sensitive or classified data is not viewed on mobile devices in public locations unless care is taken to reduce the chance of the screen of a mobile device being observed.

Why it matters

Viewing sensitive data in public without shielding the screen can expose information to bystanders, causing data breaches.


Operational notes

In public, fit a privacy filter and angle the screen away from others; avoid viewing sensitive/classified data if you cannot.


Implementation tips

  • Managers should remind all employees about the importance of screen privacy. They can do this by sending out regular email reminders or organising short workshops that explain why it's important and how to be cautious.
  • IT departments should provide privacy screen filters for devices. These filters can be attached to screens to make it harder for people nearby to see the information unless they're directly in front of the screen.
  • Office administrators should include screen privacy as part of the regular onboarding process. This will ensure that all new employees understand the importance of protecting screen data when out and about.
  • HR teams should develop clear guidelines for using mobile devices in public. These guidelines should include examples of safe practices, like sitting with your back to a wall or using a privacy screen filter.
  • Team leaders should encourage employees to think about their surroundings when accessing sensitive information. Hold brief team meetings to discuss how to judge whether a location is suitable for viewing confidential information.

Audit / evidence tips

  • Ask: A record of communications to staff about screen privacy measures. Good: Evidence of regular communication with clear guidance on maintaining screen privacy.
  • Good: A list showing who has received a privacy filter and when.
  • Ask: To see the employee onboarding checklist. Look to see if screen privacy and information security in public spaces are included. Good: A checklist item that notes screen privacy was covered with new hires.
  • Good: Comprehensive guidelines that advise on public space data viewing.
  • Ask: Records of team meetings or training sessions discussing prudent public practices. Good: Consistent records showing employees were trained about screen privacy.

Cross-framework mappings

How ISM-0866 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.

ISO 27001

Control Notes Details
Partially meets (1)
  • Annex A 8.1: ISM-0866 requires users to avoid viewing sensitive or classified information on mobile devices in public unless they can minimise the ris...
Partially overlaps (1)
  • Annex A 7.7: ISM-0866 requires that sensitive or classified data is not viewed on mobile devices in public locations unless steps are taken to reduce ...

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
