Legal
Table of contents
Issues with personal employee data
C-level employees and byod policies
Responsibilities and issues with employees
Hr saying “no”
ItPoints of data leakage
The role of security
Hr
Legal
Issues Legal
Personal employee data
If an employee loses their phone, does the company have the right to perform a remote wipe?
What constitutes “consent” in the context of company access to an employee’s phone?
What is the company’s responsibility if, in the event of a security breach which leads to the employee’s device being monitored, the company mistakenly views personal information that it is not legally allowed to see?
Genetic information? (Against the Genetic Information Non-discrimination Act of 2008)
Disability information? (Americans with Disabilities Act)
01011010101101011010101
01010111010
Learn moreLearn more
Issues Legal
If an employee deletes company information covered by discovery requirements, who is liable?
How do corporations achieve consent from customers, regarding their data? Can the corporation put private customer information on devices that are out of the corporation’s direct control?
Users aren’t necessarily motivated to report things that they have done that resulted in the loss of company data.
When an employee leaves the company, it is unclear whether the company has the right to remotely track or wipe that now-former employee’s personal device.
Once the employee leaves, they are technically no longer employed and no longer bound by the company’s byod policy.
Learn more
Issues Legal
Researching and finding what is permissible and responsible, regarding company data, customer data, and employee data.
Enforcing government compliance requirements (along with It department)
Determining, once a breach is confirmed, what regulatory constraints you are under in this situation.
Learn more
Legal
Employees should understand that failing to abide by a signed agreement
Employees have been
for intentionally deleting company data covered by discovery requirements.
fined up to 35,000$$ $$ $
–
may result in legal repercussions.
Learn more
Legal
Loss of devices by C-level employees present a higher risk, as they can contain much more sensitive information, such as the company’s financials, potential takeover targets, the personal business of other people (both within the company and without), and more.
make exceptionsfor executives.
At the same time, 24% of companies
with a restrictive byod policy will
Learn more
Human resources
Issues Human resources
Finding the budget for hardware and software solutions
Employees either ignoring or not understanding policies
Employees who are upset when/if they lose data due to a necessary data wipe when devices are lost/misplaced
Employees losing their devices and not reporting it to Hr - replacing it themselves, etc. (whether they just don’t think it’s a big deal, or whether they are afraid to get in trouble for losing the device, etc.)
?
Learn more
Responsibilities Human resources
Creating the actual policies that employees need to follow
Informing and educating employees about byod policies - making sure employees know what they can and can’t do.
Coordinating between It, Legal, and employees
Budgeting for hardware and software solutions
Keeping track of customer devices and information
Learn more
Responsibilities Human resources
Create and enforce “checkpoints,” where employees reset devices or wipe the corporate “sandbox” portion of corporate data on the personal device
Can also be done remotely by most Mobile Device Management (MDM) providers
If It department doesn’t e�ectively do this automatically, then it relies on policy and procedure, which Hr has to enforce instead.
Learn more
Responsibilities Human resources
Government jobs with classified information
Health care environments with private patient records
Financial services with sensitive company information
In these circumstances, you should be able to find the funds for a corporate device.
Fewer maintenance and storage issues
Company completely controls the device and the data
In some scenarios, Hr simply has tosay “no,” when it comes to byod:
Learn more
Human resources
Almost
haven’t educated employees on byod privacy risks
?80% of companies
Learn more
Human resources
of companies don’t have any sort of
Two-thirds (67%)
policy in place about public cloud solutions.
I agree
Learn more
Human resources
haven’t trained employees in their proper use. ?
?? ?
Four in five (80%)
Learn more
It
Issues It
Employees attempting to bypass security measures
Potentially lost devices, leading to a necessary wipe, whether partial or complete
Accurately keeping track of the data
or key lock on byod devices.
Only 31% of organizations require a password
Learn more
Issues It
Lost devices
Data stolen from devices being used on unsecured networks (airports, co�ee shops, etc.)
Phone storage cards being stolen
When an employee leaves the company (either amiably or not), how is the data protected?
When employees upgrade/replace their phones
Create specific policies around all devices that carry corporate data that all employees have to sign o� on.
Probably a collaboration between Legal and Hr (determining policies)
Potential solution
Potential points of data leakage:
Learn more
Responsibilities It
Implementing security measures on employee phones
Monitoring security reports
Setting up and maintaining vpn clients for employees to securely connect to corporate network
Enforcing compliance requirements (along with Legal department)
of an employee’s phone when he quits or is terminated.
Only 21% of companies will do a remote wipe X
Learn more
Want the latest in Tech news?Subscribe to Dell’s Tech Page One Digest
Sources:http://techpageone.dell.com/technology/byod-policies-tangle-hr-legal/#.U9geUIBdXNNhttp://www.beckershospitalreview.com/healthcare-information-technology/9-statistics-on-byod-security-policies.htmlhttp://www.acronis.com/en-us/pr/2013/07/17-08-07.html
Sign me up!
Top Related