Bring Your Own Device (BYOD) is highlighted in at least one article or product feature in many tech publications lately. The theory behind the concept has merit: allow employees to use their personal devices for company purposes, thus allowing the employees to select devices they like while reducing costs to the employer. A recent Garner study, as reported by IT World, predicts that 45 percent of companies will require employees to provide their own devices by 2017.
Companies and employees need to understand potential consequences of BYOD before using the service. Without the proper infrastructure in place on the employer’s side, company data could end up in an infinite number of places. This makes data management impossible—nullifying the effects of a document retention policy—and could wreak havoc during the e-Discovery phase of litigation. From the employees’ side, they could have to relinquish their personal devices for inspection or data collection without assurance that only “company” data would be reviewed. This raises not only privacy concerns, but also the inconvenience of being without their device until the process completes. Some companies might require the ability to perform a remote wipe of the device if an employee leaves or is terminated, which, without proper precautions, could erase the device owner’s personal photos and data.
Companies that have already embraced BYOD should set clear expectations with their employees by explaining potential issues. Have a written policy signed by employees using BYOD or included in the company’s employee manual. That policy should be specific, such as whether remote erasing is required, under what circumstances, if so, and what exactly will be erased. Companies should also establish barriers between work and personal data by providing dedicated virtual images or online portals that employees can reach from their personal devices. (Numerous products exist to facilitate these offerings.) It might be less expensive to maintain company-owned devices and forbid connectivity from personal devices than to redesign the company’s technology infrastructure. The company does not want to be conducting this cost analysis while trying to respond to a discovery request of government inquiry.
Not all businesses will be able to provide their employees the latest gadgets, and employees may want to express their individuality by carrying only certain brands. When the choice pits conducting business against potentially invading personal privacy, however, the decision is easy: the employee should happily accept a company-issued device.
Posted May 20, 2013