Don’t Leave Yourself Liable To A BYOD Disaster
In this age of increased mobile device use, it only stands to reason that the line between a personal device and one used for work would eventually be blurred. Such is the case today, and as a result, the concept of Bring Your Own Device, or BYOD, was born.
Put simply, BYOD means that employees use their own personal laptops, tablets, or smartphones for business purposes. There are many advantages to this, the biggest one being that the employee now has round-the-clock access to work-related resources, and thus can respond to events that occur outside of normal working hours.
Unfortunately, BYOD brings with it certain downsides, including some liabilities that could really hurt an organization. Here are three issues that you should be on guard against, plus a few possible solutions.
The article “6 BYOD Disasters You Can Avoid With Good Planning” points out that employees have sued their employers due to invasions of privacy, specifically when managers or IT staff are caught reading personal messages or looking at private photographs.
Granted, anyone who wants to do BYOD needs to accept a certain level of risk, but there must be limits. If the user keeps personal data and business data in distinctly separate folders, that should serve as a good hint (e.g. “Stay out of my personal stuff!”). Naturally, it may be prudent to have a provision in your BYOD policy stating that anyone found rummaging through clearly marked personal data will be fired.
Security And Confidentiality
We’ve covered employee privacy, and now it’s time to move on to the customer side of things. Any business worth its salt has a section on its website that deals with legal boilerplate, things like Terms and Conditions, or a Privacy Notice. But what happens if a customer’s personal data is on a mobile device that then gets stolen or lost? This could result in substantial legal problems for the company.
The solution is to set up BYOD guidelines that determine what kinds of data can be stored on a mobile device, as well as having protocols in place for what to do in the case of a missing or stolen device. There are also utilities available that allow IT people to remotely block, brick or wipe a device. However, the device owner usually needs to upload the right software to allow the remote functions, and also be okay with the idea that their device may get ruined in the process.
As a final thought, bear in mind that your company’s definition of private information may differ from how common law defines it.
Many software companies are rather particular in how their products are being used. There are limitations such as the number of people who can use the software, and how or where they can use it. If a BYOD device owner ends up using the software outside of the confines of the business and this is somehow in breach of Terms and Conditions, you could have a real problem on your hands. If the offense is serious enough, you could lose use of the product, or worse.
Again, the best way to deal with this sort of problem is to have a well-considered BYOD policy that applies up and down the chain of command, no exceptions, and is clear, comprehensive, and given to every BYOD user. In fact, it may not be a bad idea to frame the policy in the form of a document that users need to read and sign.
All in all, BYOD is a cost-effective, convenient policy that, like so many other new tech-driven practices, comes with certain legal ramifications that have yet to be fully hammered out by society as a whole. In the meantime, clarity and completeness of your unique policy are your best bet.
Speaking of things like liability and privacy, “Top Tips To Protect Yourself From Fraud” offers some good ideas for fighting fraud.
Byline: John Terra has been a freelance writer since 1985. He writes about everything from network security to the latest tech gadgets.