BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.
To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.
To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.
Employees' love affair with their smartphones, digital tablets and other mobile devices can cause serious security and privacy problems for employers, because an increasing number of workers are bringing their devices to work.
Many employers are agreeing to let workers bring personal mobile devices to the office to keep them happy, improve productivity and perhaps save the company money, experts say. And in many cases, it simply may be a case of bowing to the inevitable, because workers are bringing their phones and tablets to work anyway.
Therefore, it is critical firms establish policies for the use of these personal devices to ensure company data is protected, experts say. There also are steps firms can take to segregate company and personal data.
Use of personal devices at work is “quickly becoming more the norm than the exception,” said Alan E. Brill, senior managing director of secure information services for New York-based Kroll Inc. There is “a huge demand for people to be able to access data on portable devices, whether those are smartphones or tablets, and a growing recognition on the part of corporations that that's something that they're going to do, so we very quickly went from, "Over my dead body,' to, "How can we facilitate this in a secure way?'”
Philip L. Gordon, a shareholder with law firm Littler Mendelson P.C. in Denver, said more and more employees prefer to use their own devices because “in some instances the employee's technology is actually better than the employer's technology. Sometimes, it's because the employee doesn't want to carry a personal device and a business device.” And sometimes employees want to have their own device because of the music on it or because they want to keep their personal photos with them all the time, he said.
The time people spend at work also is a factor. “People are just more productive when they have access to their enterprise's information all the time,” said Nicko van Someren, chief technology officer for Sunnyvale, Calif.-based Good Technology Inc., which provides mobile management technology solutions.
“The genie, on some level, is out of the bottle, so trying to address it is important,” said David Navetta, a Denver-based partner with the Information Law Group.
“It's better to adapt policies to reality than to try to force reality into a policy,” said Regev Yativ, president and CEO of software firm Magic Software Enterprises Inc. (USA) in Laguna Hills, Calif., which permits employees to use their own devices at work. “If you allow people to work on something that they like, it will make them more productive and the (return on investment) will be much bigger.”
Employees' bringing their own devices to work is “a huge issue,” said Jonathan T. Hyman, a partner with law firm Kohrman Jackson & Krantz P.L.L. in Cleveland. “It's one of the most underappreciated security issues facing corporate America today,” he said. Companies do it because of the good will it engenders, “but they are, to a large degree, sacrificing control and security over their data.”
“The biggest risks for employers are the device is going to be lost or stolen with sensitive customer employee information on it or corporate trade secrets, and that information will be exposed to third parties, potentially resulting in a security breach or a loss or misappropriation of confidential business information,” Mr. Gordon said.
Aaron K. Tantleff, senior counsel with Foley & Lardner L.L.P. in Chicago, said most people will not leave their laptops lying around. But “people are a lot looser” with smartphones and other devices, and more likely to leave them behind in places such as restaurants. People are also prone to lending them “because their friends want to play "Angry Birds.'” They may also loan them to their children, who may download malware-infested apps, he said.
Another concern is company information winding up in the cloud because of employees' actions, experts say. In these cases, “the extent to which you are able to completely control where your data is, who has access to it and how it's...used can go out of your hands,” Mr. Brill said. “And depending upon the sensitivity of the data, not recognizing that phenomena can result in significant risk, which you may or may not be prepared to accept.”
Employers also have to worry about mixing business and personal information, including photos and emails, and what to do with company information on a personal device if the employee is terminated, Mr. Tantleff said.
The use of personal devices at work also raises complex privacy issues. Two years ago, the U.S. Supreme Court decided in The City of Ontario et al. vs. Jeff Quon et al. “that employees that use company-issued devices are not entitled to privacy,” said Peter S. Vogel, a partner with Gardere Wynne Sewell L.L.P. in Dallas.
However, if an employee is using his or her own device but doing company business and emailing intellectual property or conducting work over the personal device, “it becomes very complicated as to whether or not the employee is entitled to privacy” and who owns the intellectual property that is developed, Mr. Vogel said.
Mr. Gordon said, “On the privacy side, it becomes more difficult for an employer to conduct workplace investigations...because once the employee owns the device and the information is on the employee's device, the employee has the right to control the device,” and “the employer is at risk of committing a computer trespass, which is an offense in all 50 states if it accesses an employee's personal device without permission.”
Employer policies differ on these personal mobile devices.
Littler Mendelson, the Denver law firm, does not permit its employees to use their own devices for work, said Michael McGuire, the firm's Minneapolis-based chief information security officer. After considering all the issues involved, everything from tax issues on what obligation employers have to reimburse employees for using their personal devices, to data-related issues, data privacy and security issues, to the employment law issues that could arise if people look at inappropriate content at work, the firm decided “bucking the trend” of permitting employees to bring their own devices was justified, Mr. McGuire said.
Centreville, Va.-based Carfax Inc. permits only selected employees to use their own devices, Chief Information Officer Phil Matthews said. Its salesmen are expected to use company devices, including iPads, to make sure they have a “consistent experience” in making customer presentations, he said. “We want them to be well-prepared,” he said.
Product managers and developers who do not have direct customer contact are permitted to bring in their own devices if they wish, as long as they follow company guidelines and use them appropriately, Mr. Matthews said.