More on BYOD…

You will recall that in April 2011, our blog cited a poll regarding the use of personal electronic devices at work (“It’s 9:00 am. Do You Know What Your Employees Are Doing?”). At that time, 40% of Canadian employees reported used their own digital devices for work related purposes. However, only 50% of their employers were aware that these employees were accessing company systems with those personal devices.

This premise of BYOD (Bring Your Own Device) is not going away. In fact, according to ARMA’s Information Management Magazine (Nov/Dec 2012 issue), “the days of employees using organization-supplied devices for company business are going the way of the Dodo.” The article confirms that organizations of all sizes and industries are increasing adopting the BYOD trend.

It appears that since we can’t beat them, we’ll have to join them…or at least meet them halfway. Some controls are warranted. Accordingly, organizations must implement appropriate BYOD policies and protocols. Start by consulting existing information governance, corporate security, privacy and acceptable use policies to ensure everything aligns well. Then, consider the following issues before you draft your organization’s new BYOD policy:

1. Security: do your employees have their devices secured with appropriate passwords, locks and “remote wipe” capability in the event a device is lost or stolen?
2. Access:  will personal devices have access to all company data and systems, or are some restrictions appropriate?
3. IT support and costs: will your organization provide IT support or cover the cost of it on personal devices?  What about repairs? Monthly service fees? Upgrades or replacements?
4. Information governance audits: how will personal devices be audited for compliance with classification and retention protocols?
5. Collection: if data stored on a personal device is potentially relevant to litigation, regulatory investigation or audit, what protocols are in place to ensure the device is available for data collection purposes?

​Depending upon your organization’s IT infrastructure and systems, there may be other considerations. A little bit of work up front will ensure that your employees can continue to utilize their devices of choice, but not compromise your organization’s data.