With BYOD and the blurred lines of mobile technology for personal and professional use, how much privacy can a company reasonably offer its employees? One would assume a standard right to discretion; however, the way we share, monitor, and store information means we likely have little real privacy any more. That said, where does the law—and your responsibility as a CIO or technology leader—begin and end when it comes to mobile technology and staff member expectations?
To get a better idea of the relationship between privacy, data storage, and your rights, look at Apple’s built-in GPS. This standard iPhone feature, with location services enabled, collects information based on when and where you use your phone—and what for. This data (though not transmitted over the web) can be used to inform location-based ads and recommend popular spots based on your interests.
In reality, this kind of collection is incredibly common—and whether or not you’re aware, it’s likely taking place with an app you’ve downloaded or an agreement you’ve signed. Those harmless Facebook quizzes that tell you which Star Wars character you are? They exist to collect your personal information, which you consent to by participating. As you can imagine, the relationship between data storage and privacy is shockingly (and permissibly) fluid.
While much of this data collection seems somewhat harmless and passive, since it is mostly designed to provide a better ad experience, the invasive nature of such tracking and data collection on mobile devices that share sensitive company data can be unnerving, to say the least. It leaves CIOs wondering how best to protect company data without becoming overly restrictive of employees’ mobile experience.
Such privacy risk may be fine when it comes to a desktop that’s never “on the clock”, but if you’re connecting to the web professionally, there’s a lot to consider. For example, many states have enacted laws requiring companies to reimburse some or all employee service plan fees when they use personal devices for work. Unfortunately, few specify what data belongs to the user and what belongs to an organization.
There’s no legislation that specifically addresses BYOD, but plenty of laws govern data obligations and privacy. With so much going on behind the legal scenes, it’s important to understand your and your employer’s legal obligations:
Understanding these official restrictions is a good starting point, but ultimately, the privacy employees are entitled to depends on the usage agreements they sign with their employer. Therefore, contractual obligations are the most important factor when it comes to confidentiality.
Binding contracts are an everyday occurrence in our interconnected world. Staying informed of these obligations is your best defense when it comes to protecting the company’s interest while providing employees some level of personal privacy. Sadly, data agreements are becoming so common that they’re easily ignored. Employees may not take the time to read through every policy they come across—but it is important that they do so when it comes to BYOD. Mobile Device Management (MDM) affects every part of the organization that uses mobile devices, so be aware of and critically assess these areas before agreeing:
Once employees have signed on the dotted line, they take responsibility for updating the devices that they work on. However, CIOs should aspire to do more than just get the signature: they should also provide continued education and guidance on the best ways for employees to manage sensitive data while using personal devices.
To further clarify the relationship between personal and corporate data, consider teaching employees the importance of, and best practices for, storing company applications, documents, and other business information separately. Furthermore, if the business pays for a data plan, you may consider tracking usage.
Privacy is always a contentious issue, and never more so than today, when people’s digital public, private, and professional lives are becoming so intermingled. Contentious as it may be, it certainly isn’t an issue to take lightly. What are your thoughts on this? Do you have a plan in place? I would love to hear about it.
This post was brought to you by IBM Global Technology Services. For more content like this, visit Point B and Beyond