BYOD is fraught with legal peril, audience told

BYOD is fraught with legal peril, audience told

Orlando -- Businesses worry most about security when it comes to bring-your-own-device programs, but the legal ramifications of letting employees use personal smartphones and tablets at work can be just as threatening, attendees of Enterprise Connect were told.

These issues include accidentally removing workers' personal and potentially valuable data from the devices when legitimately purging corporate data, says Michael Finneran, principal at dBrn Associates speaking at the conference on unified communications.

+ Also on Network World: BYOD Research Center +

Even when employees agree to allow their employers to install software on their phones they may have a legitimate gripe if personal documents and photos are destroyed in what he describes as a "thermonuclear wipe." Depending on the value of that data, companies could face liability but also legal costs dealing with the fallout.

Beyond that, since these devices may be subject at some point to legal discovery proceedings that are part of lawsuits against the employer, these employee devices could have to be turned over for inspection. This raises privacy issues about whether lawyers should have access to whatever personal information is on a worker's BYOD device, Finneran says.

Similarly, privacy issues can come up if mobile-device management software that can peer into these devices is misused by other workers with access to the management platform, he says.

Beyond litigation, BYOD can cause contractual woes, he said, because it enables employees to work from wherever they have connectivity. While that is a plus from a productivity standpoint, it can become a compensation issue, too. For example a worker asked to simply send data on the device after regular business hours could trigger a contract provision that automatically makes that worker eligible for four hours' pay, Finneran said.

These problems are not insignificant given that 68% of businesses do allow mobile personal devices to be used at work, according to Finneran, and that number is growing.

He said he finds it troubling that 45% of businesses he polled say their BYOD policy allows use of any device for BYOD so long as certain policies are adhered to. In the same survey 41% say their policy allows a limited and specified set of devices if they are running a mobile-device management agent

Of those two choices, "There is a right answer," he said that only specified devices with MDM software should be allowed. So according to his data, more businesses got the wrong answer than got the right one. Another 9% say their policy allows any device with no restrictions.

Security still dominates concerns about BYOD, he says. The threat range is broad because the devices are mobile so they are susceptible to being lost or stolen and jeopardizing sensitive business data. Use of unvetted personal applications can leave the devices open to malware that siphons off corporate data. Even workers' use of weak passwords can pose problems, Finneran says.

The answer is developing policies that clearly define devices that can be used, how they are secured, what rights the business has and what responsibilities the employee has, he said. These policies should be written by groups that include management, IT, IS, legal and human resources members.

Tim Greene covers Microsoft and unified communications for Network World and writes the Mostly Microsoft blog. Reach him at and follow him on Twitter @Tim_Greene.

Read more about anti-malware in Network World's Anti-malware section.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags BYODIT managementunified communicationswirelessNetworkinganti-malwareconsumerization of IT



The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments