Mobile Device Management

TEMIA: BYOD Dos and Donts

Issue link:

Contents of this Issue


Page 4 of 12

Copyright © 2013 TEMIA P a g e | 4 Don't Ignore BYOD Employee demand for BYOD is identified by 45% of respondents as the primary reason that firms implement it. The other key drivers reported in TEMIA's survey include desire to reduce costs, with 43% of enterprises seeking to reduce hardware and service costs and 13% of enterprises seeking to reduce mobile support and staff hours. BYOD presents several challenges with security risks, potential theft of intellectual property and runaway costs when employees expense service charges that have no proactive controls in place. Today, everyone is an expert at thwarting corporate policy. Employees may bypass official corporate policy and use "shadow" technology that has not been approved. So managers need to learn the ways which employees are circumventing corporate policy to use personal devices and applications at work. Ignoring BYOD is not an option. Employers are ultimately responsible for intellectual property and personal information. The United States, Australia, Britain, France, Germany, Ireland and Spain have penalties or are developing stiffer sanctions for breaches of personal information. France's cap on fines is €150,000 for a first offense, plus five years in prison. German data fines can reach €250,000 and Spain can impose fines up to €600,000. In the United Kingdom, fines are unlimited. Japan imposes fines of 300,000 yen and up to six months in prison. Google and Facebook face fines up to $1.1 million and other sanctions for privacy lapses under Australian privacy laws. Financial and medical records have special safety protections. BYOD programs raise new concerns for CEOs and CFOs of public companies in the U.S. that must attest to the adequacy of their Sarbanes Oxley internal controls. If employees have patient health care records on their devices, employers face penalties for data breaches. After an employee left patient records on a subway car, Massachusetts General Hospital settled a patient-privacy complaint for $1 million. Enforcement is rising with the Department of Health and Human Services is conducting audits for compliance to HIPAA and HITECH. Violation of data privacy law imposes costs beyond financial penalties. Firms face damage to their reputation and loss of business for data breaches. Do Consider Legal Matters for BYOD Blurring of personal and private information on employee owned devices and applications raise new legal issues. If IT staffers need to access corporate data on an employee's personal device and they discover intellectual property the employee should not have what happens? Does the IT team have permission to conduct e-discovery on personal data? What if an employee's device has crime evidence or inappropriate photographs? Are findings admissible in court? Is this a violation of employee's privacy rights? Is the company responsible if a terminated employee's personal data is deleted when their device is remotely wiped?

Articles in this issue

Links on this page

Archives of this issue

view archives of Mobile Device Management - TEMIA: BYOD Dos and Donts