Employees are increasingly using (and demanding to use) their personal devices to store and process their employer's data, and connect to their network...
Even if cost-savings is not the goal, most companies believe that processing of company data on employee personal devices is inevitable and unavoidable. Unfortunately, BYOD raises significant data security and privacy concerns, which can lead to potential legal and liability risk.
Many companies are having to play catch-up to control these risks.
This blogpost identifies and explores some of the key privacy and security legal concerns associated with BYOD, including “reasonable” BYOD security, BYOD privacy implications, and security and privacy issues related to BYOD incident response and investigations.
Take the example of company-owned laptop issued to an employee. When it comes to security, the company can:
- determine and limit the type of devices that can be used;
- implement minimum system requirements and configurations;
- install security-related software to the device;
encrypt company data on the device;
- apply security patches;
- monitor the use of the device to detect misuse, hacking or malware;
- dictate how the device connects to the company’s network;
- install and update anti-virus software;
- provide support for the device; and
obtain/access the device for purposes of an investigation (because the company owns the device).