From: Enterprise Communications
Written by: Tobias Manolo
As the take-up of mobile devices, such as iPads, smartphones and others, continues to grow, their use raises even more challenges for employers, and many organisations have adopted official policies to enable employees to use their personal mobile devices in order to create, store and transmit work-related data. Referred to as ‘Bring Your Own Device’ (BYOD), these policies make an employee’s device a ‘dual use’ device and whilst the reduce expenses, use new technology more quickly and have easier access to corporate data, they have raised certain legal challenges.
Because the creation and storage of data is well regulated, there have been laws imposed about information security and obligations for certain types of businesses to ensure they are safe-guarding personal data. It is now being considered that security breach notification laws could have a place when it comes to employees’ mobile devices, particularly if that device becomes lost, is hacked or is stolen, or is put in a position whereby unauthorised access could occur. Unless the personal data on that dual use device is encrypted, employers could be liable. Legally mandated encryption requirements could mean the encryption of portable storage media that incorporates personal data. On top of that, the HIPAA Security Rule requires covered entities are considered , whether encryption of personal health data is in an electronic format or not.
Most non-disclosure and/or confidentiality agreements, as well as court protective orders, require parties to destroy, securely, confidential data that has been got from the counter-party. Meeting these requirements can be a challenge if the records are stored on employee devices or with cloud providers which are beyond their control.
BYOD’s bring about a whole wealth of eDiscovery challenges; employers have little knowledge of where all data is stored and could be left with little ability to retain data from these sources, being at the mercy of the employees data; it could be difficult to copy data from an iPad or iPhone and the methods of collecting data could vary according to the operating system being used.
In the past, the use of BYOD devices could have led to disciplinary action or even termination of employment. Today, the way we work is very different and it is commonplace for many employees to use their own mobile devices. If you are going to adopt a BYOD policy, you will need to update your confidentiality agreements, too, and take the necessary steps to protect any confidential or sensitive data, including trade secrets. And should an employee leave, it is imperative that any such data is deleted from the departing employee’s personal mobile device.
Leave a Reply