Systematic Literature Review on Security Access Control Policies and Techniques Based on Privacy Requirements in a BYOD Environment

The proliferation of personal digital devices in professional and institutional environments has substantially altered the landscape of organisational information security, compelling enterprises across diverse sectors to reconsider their protective strategies in ways that balance operational agility with robust data governance. This review examines access control policies and security techniques deployed within personal-device-inclusive workplace environments, with particular attention to the intersection of privacy requirements and enterprise security frameworks. Drawing upon a comprehensive body of literature spanning theoretical models, empirical investigations, regulatory analyses, and practitioner studies, the review identifies and critically evaluates prevailing methodologies, including role-based, attribute-based, and usage control paradigms, alongside mobile device management platforms, cryptographic authentication mechanisms, and data leakage prevention strategies. The review further interrogates the regulatory context within which such policies must operate, examining the implications of comprehensive data protection legislation for enterprise security architecture design. Findings reveal persistent tensions between user autonomy and institutional control, between technological capability and policy enforcement, and between security rigour and operational usability. Substantive gaps are identified in existing scholarship, particularly in relation to contextual access control implementation in heterogeneous device environments, the psychological dimensions of user compliance behaviour, and the adequacy of existing frameworks in anticipating the convergence of edge computing, blockchain-enabled authentication, and the Internet of Things. The paper delineates priority directions for future inquiry and practical intervention, including adaptive policy architectures and privacy-preserving access control mechanisms that accommodate evolving threat landscapes without compromising individual rights or organisational productivity. The synthesis concludes that effective governance in such environments demands an integrated approach combining rigorous technical controls, sound policy design, regulatory alignment, and sustained investment in security education and behavioural change programmes.