Mobile Communications

Jonathan Dale (Global) - BYOD and Privacy

As BYOD matures, corporate IT departments must prioritize protection of employee privacy

Bring Your Own Device (BYOD) policies that permit employees to use their personal smartphone or tablet of choice have taken the corporate IT world by storm. A well-executed policy has the potential to save businesses money. The convenience for employees, who no longer have to tote around multiple devices for personal and business use, is often seen as a company perk. Most employees, eager to use their iPhone instead of a standard-issue company BlackBerry, are happy to sign up for the program when it’s offered.

Employers are relieved to have a way to keep corporate information secure when it makes its way onto personal devices, which it inevitably will (whether there is a BYOD policy in place or not). Until recently, the main concern about BYOD for IT departments has been protecting sensitive company data in the hands of workers, but that is alleviated with a mobile device management (MDM) solution. Now, as the practice becomes commonplace, employee privacy issues are becoming the focus of the BYOD conversation.

To date, the most common BYOD-related employee complaints are the inadvertent wiping of family photos or the accidental “bricking” of an iPad, though these are, in fact, equally likely to be the result of factory settings. However, given the unfettered access many employers have to employees’ personal information when they agree to a BYOD program, it is only a matter of time before more serious issues arise. It’s not hard to imagine what could happen when IT is granted unimpeded access to an employee’s mobile device. Accordingly, a strong BYOD policy states when the employer has the legal or ethical right to intervene.

The future of BYOD and mobile productivity hinges upon the ability of IT to limit its involvement and access to personal information on employee-owned devices while being able to properly secure corporate data. The responsibility for keeping your BYOD initiative in line spans across regulation, legal and HR departments and should be considered seriously.

1.    Write a strong BYOD policy. Your BYOD policy should be clear, comprehensive and should ensure you are compliant with the Data Protection Act. Within your policy, create a plan for dealing with worst case scenarios. For a global organization, where your operations must comply with multiple, different privacy regulations, knowing how to monitor and control personal devices on your network can be a challenge. It may also mean that you must develop different policies for different regions.

2.    Educate your employees. In March, employers received negative media attention after asking job applicants for passwords to their social media accounts. Facebook and privacy advocates spoke out against the practice. For most people, this kind of request would throw up a red flag, but what employees may not realize when they sign a BYOD policy is that they are handing the same details over to their employers—along with contacts, location history and even what applications they’ve installed. Make sure your employees understand what they are signing and what you are doing to protect them.

3.    Use BYOD privacy settings. A detailed BYOD policy is a must, but no matter how well-conceived and well-intentioned a policy, issues can arise. Look for an MDM solution that puts a much-needed layer of protection in place between employees and corporations by allowing you to block personally identifiable information from being collected on smartphones and tablets. Your solution should also enable you to disable app inventory reporting to restrict administrators from seeing installed personal applications outside of the corporate app catalogue and deactivate location services to prevent access to location indicators such as physical address, geographical coordinates, IP address and Wi-Fi SSID.

Protecting sensitive employee data in the hands of employers is just as critical as the reverse. Users are not yet fully aware of what information their IT department has access to, nor that the information IT can access could relate to an invasion of privacy or discrimination. Failure to educate and protect employees could mean serious repercussions under the Data Protection Act. Companies that are implementing BYOD policies must make employee privacy a top priority.

By Jonathan Dale, Product Marketing Manager at Fiberlink


« Dan Swinhoe (Middle East)- SMBs (pt II): Opportunities


Dan Swinhoe (Middle East)- SMBs (pt I): Challenges »


Do you think your smartphone is making you a workaholic?