Is developing a BYOD policy a legal or an IT function? ANSWER: Both.
Developing and enforcing sound Information Governance policies requires input from both legal and IT so that the policies work from a technical perspective and are legally defensible. BYOD policies are the perfect example. How many employees in your company are using personal mobile devices for work? Likely many. We have previously blogged about the trend of employees using personal devices in the workplace, often called “bring your own device” or BYOD. The use of a personal mobile device for work raises privacy concerns that should be on the radar when developing or updating an organization’s information governance policies. Symantec, an internet protection and security company, examined how data on unsecured devices was accessed in an experiment called “The Honey Stick Project”.
Symantec intentionally abandoned 60 mobile devices containing simulated corporate data. While this is not a statistically significant sample, the results are interesting. For many of the lost devices, corporate information such as human resource files and corporate emails was accessed by third parties. No organization wants to be the next big headline about a privacy data breach. The bottom line: If your employees BYOD, ensure appropriate policies are in place to protect any company information stored on those devices.