Mobile
News
11/19/2012
12:34 PM
50%
50%

6 Risks Your BYOD Policy Must Address

Strong company policies are a must for managing legal and other risks of personal devices used in the workplace. Are you addressing all the issues?

Six Ways The iPhone 5 and iOS 6 Amp Up Social Opportunities
Six Ways The iPhone 5 and iOS 6 Amp Up Social Opportunities
(click image for larger view and for slideshow)
The lawyers at Foley & Lardner have a message for IT pros about BYOD: Resistance is futile!

That's not an exact quote but it's pretty close. The firm's IT and outsourcing practice recently conducted a webinar for companies grappling with employee-owned devices on and off their corporate networks and the long list of potential issues the BYOD model can cause.

Naturally, the event focused on the legal and related risks associated with BYOD. But it wasn't doom and gloom. The lawyers highlighted the positive potential outcomes of allowing employees to use their own mobile devices and other hardware at work, such as lower costs, improved employee productivity and satisfaction, and even hiring -- the presentation cited a Unisys report that found 44% of job hunters find an offer more attractive if the employer supports iPads. The bottom line: BYOD is happening whether you like it or not.

"At the end of the day, BYOD is not going anywhere," said Foley & Lardner partner Matthew A. Karlyn. "It's only going to increase."

[ Read Does BYOD Make Sense For SMBs? ]

That said, there are innumerable risks associated with allowing employees to use their personal smartphones, tablets, and other hardware for company business. Just as the head-in-sand strategy would be ill advised, so too would BYOD anarchy. Karlyn and his colleagues stressed the need for a strong, thorough policy that employees can actually understand. To that end, he advised regular education and training initiatives, both in person and online. Finally, he noted that policies must be enforced with meaningful consequences for rule-breakers; otherwise, rules are essentially worthless.

The lawyers noted that policy, training and enforcement specifics will vary by business. Highly regulated industries like healthcare and finance, for example, have an entire other set of concerns related to BYOD. But they highlighted just how complex the BYOD workplace can be -- and how specific your policy must be as a result.

A fundamental idea behind the policy-education-enforcement strategy is that the legal and other risks of BYOD can be reduced if both employer and employee clearly understand those risks and their roles and responsibilities in managing them. Consider these six specific issues that you and your employees might not be adequately addressing.

1. Data Is Discoverable.

Foley & Lardner partner Michael R. Overly began his part of the presentation by noting that BYOD devices might be discoverable in lawsuits. In English: Everything an employee does on her personal iPhone, for example, could be used as evidence in a lawsuit against her employer. Overly said that usually comes as a surprise to senior management when he does corporate training work. "More times than not, those executives are absolutely, positively astonished when we explain that when someone participates in a BYOD program, that device may be subject to discovery in litigation," he said.

Employees who assume they have a right to privacy -- it's "my" device, after all -- might likewise be in for a shock. The personal devices they use at work could be examined not only by their employer but by the other party in the lawsuit. Their social media, photographs, personal email, geo-location information and many other kinds of data could be pored over at length.

"Even though people may understand [the discovery process] in a general sense, [they] do not appreciate just how invasive a review like that can be," Overly said. "Which is why it's so important to make sure that people that elect to participate in a BYOD program understand that type of risk -- that, by participating, you're giving up certain rights."

2. Discovery Can Be Expensive.

If you have a come-one-come-all approach to BYOD -- as in "if we allow one device, we might allow them all" -- this might make you rethink it. Lawyers don't typically work cheap and discovery can get expensive. If employees are using not just one but two or more personal devices for work, you're potentially adding a multiplier to your legal costs in a lawsuit. That's because all of those devices might have to be turned over for discovery. In fact, there doesn't even need to be a lawsuit to incur such costs -- just the threat of one and a requirement for litigation hold. "This is a cost that needs to be built in and understood in connection with deciding whether a BYOD program is appropriate for your business," Overly said.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
AustinIT
50%
50%
AustinIT,
User Rank: Apprentice
11/26/2012 | 7:58:25 PM
re: 6 Risks Your BYOD Policy Must Address
Well folks. There you have it.

If any business is still up for having a BYOD policy after understanding the legal risks, then they are just plain crazy. Same for the employee who will fork over a good bit of their personal life as part of the, ahem, bargain.

I find it hard to believe that BYOD is more cost effective than an employer provided device when you look at the the total cost of ownership (TCO).

BYOD (short of insuring us IT types a good long career) is ridiculous on many fronts... legal, technical, security, privacy... ad nauseum.
NJ Mike
50%
50%
NJ Mike,
User Rank: Strategist
11/26/2012 | 6:23:11 PM
re: 6 Risks Your BYOD Policy Must Address
My solution to this BYOD problem - tell my employer if they need to be to have a smart phone or a tablet, or a laptop, they can issue me a smart phone, a tablet, or a laptop. I don't like to mix business with personal, so the thought of using my personal phone/computers for work is not something I want to do.
moarsauce123
50%
50%
moarsauce123,
User Rank: Ninja
11/26/2012 | 4:30:22 PM
re: 6 Risks Your BYOD Policy Must Address
"The personal devices they use at work could be examined not only by their employer but by the other party in the lawsuit."

This is why you WIPE all evidence from your phone after every call or every app used. No one spies on my private phone, ipad, or tablet. Its also helpful to have multiple fake name accounts on ALL social media. Learn to beat the busybody nosy types at their own game.
InformationWeek Elite 100
InformationWeek Elite 100
Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.