Posted on: March 26, 2014in Blog
BYOD and ESI | 5 Things You May be Leaving Out of Your BYOD Policy
Bring your own device, or BYOD. When uttered, that four letter acronym curls the nose hairs of every IT professional!
The nerds have relinquished control!
But all hope is not gone as you have just been asked to help create a BYOD policy. Of course, one must consider electronic discovery when creating a BYOD policy.
How will the data be extracted from the mobile device? How can it be preserved and collected? What about personal data commingled with business records? Does the corporation have the authority to seize a personal device? How can the data be reviewed?
Is it really that big of an issue? Is it just a fad? Well, even the White House has guidelines for agencies that want to have such a policy.
A BYOD policy is no longer a nice-to-have, it is almost a necessity. Here are some ideas to consider when creating that policy.
1. A statement in your BYOD policy that states devices cannot be shared, used or accessed by others and that includes friends and family
If your household is like mine then you have small humans bouncing around and they love gadgets. I broke down and purchased my kids iPad minis for Christmas. Despite my generosity they still pester me about using my iPhone and iPad. Both devices are used for work and I am adamant that no one but me uses them. I use these devices to create, receive and store important and sensitive business records. I placed pass codes on all my devices and I am the only one that has those codes. How easy would it be for a precocious toddler to accidentally forward a sensitive e-mail to a random contact? Or delete an important text or document? Consider including a statement in your BYOD policy that states devices cannot be shared, used or accessed by others and that includes friends and family.
2. Look beyond the base applications that come standard on most smart devices.
For example, look at secure email applications such as Good. Such applications may require an investment in infrastructure, but deliver an added layer of security that may not be available in most default mail applications.
3. Look into a Mobile Device Management (MDM) solution.
Again, this may require an investment on the part of an organization, but an MDM solution such as MobileIron can limit the apps that a user can download and can initiate a remote device wipe if a device is lost. More sophisticated systems can even disable access to corporate assets if the device violates a usage policy.
4. Request the password to the user's iTunes account.
If your organization doesn’t have the means to deploy an mobile device management policy, but still want to have the ability to remotely wipe a lost device; request the password to the user’s iTunes account. Yes, a user may be hesitant to let you have it, but hey, you already have their password for laptop, etc. I am not a lawyer and there may be privacy issues with this approach; however, it is a good way to monitor the applications being installed on the device. The user needs to make sure they are careful with the “selfies”…and of course, the IT department must remember that with great power comes great responsibility.
5. AUDIT the BYOD policy and have a zero tolerance policy.
While it was mentioned that an MDM can detect non-compliant devices, not everyone is going to deploy such a system. A policy is not worth the paper it’s printed on if it is not enforced. And to enforce a policy, one must monitor. At the low end this may mean random checks of employee’s devices to ensure they are complying with the BYOD policy. If you find folks that are violating the policy you may give them a warning the first time and the second it is bye-bye to BYOD for that employee. Whatever the decision is, make it fair and apply the punishment consistently.
Some neat facts about smartphones users in the U.S.:
! 50% of entire US population uses a smart device ...by 2017 that percentage will increase to 68%.
! 132 minutes is the average amount of time spent each day for Communication and Social Media.
! 4/5 smartphone users check their phone within 15 minutes of waking... ...80% say it’s the first thing they do in the morning.
! 79% of smartphone users have their phone on them all but 2 hours of their waking day.
Schedule a Complimentary Consultation with an expert today if you want expert advice on creating and/or implementing a robust Information Governance policy in your organization.
D4 Weekly eDiscovery Outlook
Power your eDiscovery intellect with our weekly newsletter.
Posted November 16, 2017
5 Workflow Tips for Conducting a Foreign Language Review
Posted November 10, 2017
What You Need to Know About Managed Review and the eDiscovery Process
Posted November 02, 2017
7 Steps to Help You Defensibly Migrate eDiscovery Data
Posted October 27, 2017
CLE Webinar with Lewis Brisbois: How to Do Social Media Collection and Presentation Right
Posted October 26, 2017
Despite Clawback, Defendant’s Reckless Abandon of Rule 502 Bites Back
Posted October 20, 2017
How to Use the eDiscovery PST Export Tool in Office 365 E3
Posted October 12, 2017
Recent eDiscovery Cases for Mobile Phones and Social Media
Posted October 05, 2017
Raising Objections to the Format of ESI Productions: Do it Early and Do it Clearly
Posted September 27, 2017
5 Reasons eDiscovery Alternative Fee Models Make Sense for You
Posted September 22, 2017
Why it's Crucial to Have a Corporate Mobile Device Policy