BYOD by Department

Byod by department:

Legal Hr It

Presented by:

Legal

Table of contents

Issues with personal employee data

C-level employees and byod policies

Responsibilities and issues with employees

Hr saying “no”

ItPoints of data leakage

The role of security

Hr

Click this buttonto learn more.

Learn more

Legal

Issues Legal

Personal employee data

If an employee loses their phone, does the company have the right to perform a remote wipe?

What constitutes “consent” in the context of company access to an employee’s phone?

What is the company’s responsibility if, in the event of a security breach which leads to the employee’s device being monitored, the company mistakenly views personal information that it is not legally allowed to see?

Genetic information? (Against the Genetic Information Non-discrimination Act of 2008)

Disability information? (Americans with Disabilities Act)

01011010101101011010101

01010111010

Learn moreLearn more

Issues Legal

If an employee deletes company information covered by discovery requirements, who is liable?

How do corporations achieve consent from customers, regarding their data? Can the corporation put private customer information on devices that are out of the corporation’s direct control?

Users aren’t necessarily motivated to report things that they have done that resulted in the loss of company data.

When an employee leaves the company, it is unclear whether the company has the right to remotely track or wipe that now-former employee’s personal device.

Once the employee leaves, they are technically no longer employed and no longer bound by the company’s byod policy.

Learn more

Issues Legal

Researching and finding what is permissible and responsible, regarding company data, customer data, and employee data.

Enforcing government compliance requirements (along with It department)

Determining, once a breach is confirmed, what regulatory constraints you are under in this situation.

Learn more

Legal

Employees should understand that failing to abide by a signed agreement

Employees have been

for intentionally deleting company data covered by discovery requirements.

fined up to 35,000$$ $$ $

–

may result in legal repercussions.

Learn more

Legal

Loss of devices by C-level employees present a higher risk, as they can contain much more sensitive information, such as the company’s financials, potential takeover targets, the personal business of other people (both within the company and without), and more.

make exceptionsfor executives.

At the same time, 24% of companies

with a restrictive byod policy will

Learn more

Human resources

Issues Human resources

Finding the budget for hardware and software solutions

Employees either ignoring or not understanding policies

Employees who are upset when/if they lose data due to a necessary data wipe when devices are lost/misplaced

Employees losing their devices and not reporting it to Hr - replacing it themselves, etc. (whether they just don’t think it’s a big deal, or whether they are afraid to get in trouble for losing the device, etc.)

?

Learn more

Responsibilities Human resources

Creating the actual policies that employees need to follow

Informing and educating employees about byod policies - making sure employees know what they can and can’t do.

Coordinating between It, Legal, and employees

Budgeting for hardware and software solutions

Keeping track of customer devices and information

Learn more

Responsibilities Human resources

Create and enforce “checkpoints,” where employees reset devices or wipe the corporate “sandbox” portion of corporate data on the personal device

Can also be done remotely by most Mobile Device Management (MDM) providers

If It department doesn’t e�ectively do this automatically, then it relies on policy and procedure, which Hr has to enforce instead.

Learn more

Responsibilities Human resources

Government jobs with classified information

Health care environments with private patient records

Financial services with sensitive company information

In these circumstances, you should be able to find the funds for a corporate device.

Fewer maintenance and storage issues

Company completely controls the device and the data

In some scenarios, Hr simply has tosay “no,” when it comes to byod:

Learn more

Human resources

Almost

haven’t educated employees on byod privacy risks

?80% of companies

Learn more

Human resources

of companies don’t have any sort of

Two-thirds (67%)

policy in place about public cloud solutions.

I agree

Learn more

Human resources

haven’t trained employees in their proper use. ?

?? ?

Four in five (80%)

Learn more

It

Issues It

Employees attempting to bypass security measures

Potentially lost devices, leading to a necessary wipe, whether partial or complete

Accurately keeping track of the data

or key lock on byod devices.

Only 31% of organizations require a password

Learn more

Issues It

Lost devices

Data stolen from devices being used on unsecured networks (airports, co�ee shops, etc.)

Phone storage cards being stolen

When an employee leaves the company (either amiably or not), how is the data protected?

When employees upgrade/replace their phones

Create specific policies around all devices that carry corporate data that all employees have to sign o� on.

Probably a collaboration between Legal and Hr (determining policies)

Potential solution

Potential points of data leakage:

Learn more

Responsibilities It

Implementing security measures on employee phones

Monitoring security reports

Setting up and maintaining vpn clients for employees to securely connect to corporate network

Enforcing compliance requirements (along with Legal department)

of an employee’s phone when he quits or is terminated.

Only 21% of companies will do a remote wipe X

Learn more

Want the latest in Tech news?Subscribe to Dell’s Tech Page One Digest

Sources:http://techpageone.dell.com/technology/byod-policies-tangle-hr-legal/#.U9geUIBdXNNhttp://www.beckershospitalreview.com/healthcare-information-technology/9-statistics-on-byod-security-policies.htmlhttp://www.acronis.com/en-us/pr/2013/07/17-08-07.html

Sign me up!