IT World Canada

Focus on bring-your-own-liabilities

By now CIOs are well aware that employees want to use their mobile devices at work and will most likely find ways to connect their machines to work systems.

The unfortunate by-product of the fast-growing bring-your-own-device trend, according to lawyer and intellectual property expert Arvind Dixit, is the inadvertent exposure of organizations to security risks and legal liabilities.

Many of the legal challenges associated with BYOD have actually been around ever since the use of mobile computing, according to Dixit, who is legal counsel for law firm Corrs Chambers Westgarth in Australia. What’s new is that risks have risen dramatically since the adoption of BYOD technologies and practices.
 

Dixit outlined some issues that companies need to consider:

BYOD policies – In order to minimize legal risks, companies need a detailed BYOD policy that spells out to employees, managers and executives the terms of the program. A BYOD policy will clarify how the program will operate and allocate risks between the organization, workers and third parties. The BYOD policy sits alongside the company’s employment policy as well as the firm’s existing “acceptable use” policies.

Everyone should be required to actively accept the terms of the policy before being given the privilege to connect external devices to the firm’s IT systems.


Liability issues – Organizations need to determine how they will allocate liabilities between their employees or BYOD users.

For instance, who will take responsibility for lost or stolen devices? Who is responsible for malware and virus attacks associated with employee devices?

Support for devices is another issue that can be controversial. Most employers want to limit their support for BYOD devices to providing connection to the company network. On the other hand, employees expect to get support such as technical and security support from the employer.

Licensing and insurance – Dixit said most company BYOD programs fail to determine whether the scope of their software licenses is sufficient to cover the program. Businesses need to make sure that existing software licensing agreements will be able to adequately cover the needs of their BYOD workers and program.

Organizations also need to take into account how this will affect the employees’ need and rights to use applications and software that they have downloaded outside of their work, for work purposes.

Data security and confidentiality – Data security and confidentiality issues are probably the biggest hurdles for companies contemplating BYOD.

For example, the loss of devices that hold sensitive information has resulted in major legal and public relations debacles for many high-profile private and government organizations.

Companies need to investigate the appropriate technologies that can help them prevent data breaches and mitigate the risks.

Dixit suggests looking into sandboxing strategies so that organizational data is isolated and kept in a particular segment of the mobile device specially allocated for professional apps and information.

Remote wiping tools are another useful technology; they enable administrators to lock down or wipe clean devices that may have been stolen or lost.

Privacy regulations – Organizations need to bone up on privacy regulations that apply to BYOD devices. Firms need to determine what they can and cannot do regarding such issues as tracking employees’ online activities and contacts.

Some companies claim the right to track their workers’ online activities when they are using company-owned devices.

 
However, workplace surveillance and telecommunications interception are covered by privacy laws, and organizations need to be aware of the boundaries they can work within, especially when dealing with employee-owned devices.
