TORONTO – The concept of BYOD – Bring Your Own Device – is a rapidly growing trend with workers conducting business on their personal mobile devices. But according to a new report from Canadian security and ID management company Route1, a number of legal implications are emerging around BYOD security policy.
The company’s new whitepaper, Avoiding BYOD Legal Issues, notes that BYOD means that employees often co-mingle personal and business information on their devices. Generally, device software has few measures to distinguish between sensitive Enterprise data and the owner’s personal information. When an employee’s device is compromised (hacked, stolen, etc.), the Enterprise wipes all data on that device – both business and personal. Enterprises have no other option to protect their sensitive data, but the destruction of employees’ personal property is legally ambiguous.
Another potential pitfall is GPS tracking, the paper continues. If an employee’s personal device contains confidential Enterprise information and is lost or stolen, the Enterprise may use the device’s GPS capabilities in an attempt to locate it. Again, this strategy is legally unclear as it raises issues of monitoring employee whereabouts.
As the workforce becomes more disgruntled about BYOD security policies, Enterprises could face mass litigation, with no clarity on how to react.
