Posted on: March 26, 2014in Blog
BYOD and ESI | 5 Things You May be Leaving Out of Your BYOD Policy
Bring your own device, or BYOD. When uttered, that four letter acronym curls the nose hairs of every IT professional!
The nerds have relinquished control!
But all hope is not gone as you have just been asked to help create a BYOD policy. Of course, one must consider electronic discovery when creating a BYOD policy.
How will the data be extracted from the mobile device? How can it be preserved and collected? What about personal data commingled with business records? Does the corporation have the authority to seize a personal device? How can the data be reviewed?
Is it really that big of an issue? Is it just a fad? Well, even the White House has guidelines for agencies that want to have such a policy.
A BYOD policy is no longer a nice-to-have, it is almost a necessity. Here are some ideas to consider when creating that policy.
1. A statement in your BYOD policy that states devices cannot be shared, used or accessed by others and that includes friends and family
If your household is like mine then you have small humans bouncing around and they love gadgets. I broke down and purchased my kids iPad minis for Christmas. Despite my generosity they still pester me about using my iPhone and iPad. Both devices are used for work and I am adamant that no one but me uses them. I use these devices to create, receive and store important and sensitive business records. I placed pass codes on all my devices and I am the only one that has those codes. How easy would it be for a precocious toddler to accidentally forward a sensitive e-mail to a random contact? Or delete an important text or document? Consider including a statement in your BYOD policy that states devices cannot be shared, used or accessed by others and that includes friends and family.
2. Look beyond the base applications that come standard on most smart devices.
For example, look at secure email applications such as Good. Such applications may require an investment in infrastructure, but deliver an added layer of security that may not be available in most default mail applications.
3. Look into a Mobile Device Management (MDM) solution.
Again, this may require an investment on the part of an organization, but an MDM solution such as MobileIron can limit the apps that a user can download and can initiate a remote device wipe if a device is lost. More sophisticated systems can even disable access to corporate assets if the device violates a usage policy.
4. Request the password to the user's iTunes account.
If your organization doesn’t have the means to deploy an mobile device management policy, but still want to have the ability to remotely wipe a lost device; request the password to the user’s iTunes account. Yes, a user may be hesitant to let you have it, but hey, you already have their password for laptop, etc. I am not a lawyer and there may be privacy issues with this approach; however, it is a good way to monitor the applications being installed on the device. The user needs to make sure they are careful with the “selfies”…and of course, the IT department must remember that with great power comes great responsibility.
5. AUDIT the BYOD policy and have a zero tolerance policy.
While it was mentioned that an MDM can detect non-compliant devices, not everyone is going to deploy such a system. A policy is not worth the paper it’s printed on if it is not enforced. And to enforce a policy, one must monitor. At the low end this may mean random checks of employee’s devices to ensure they are complying with the BYOD policy. If you find folks that are violating the policy you may give them a warning the first time and the second it is bye-bye to BYOD for that employee. Whatever the decision is, make it fair and apply the punishment consistently.
Some neat facts about smartphones users in the U.S.:
! 50% of entire US population uses a smart device ...by 2017 that percentage will increase to 68%.
! 132 minutes is the average amount of time spent each day for Communication and Social Media.
! 4/5 smartphone users check their phone within 15 minutes of waking... ...80% say it’s the first thing they do in the morning.
! 79% of smartphone users have their phone on them all but 2 hours of their waking day.
Schedule a Complimentary Consultation with an expert today if you want expert advice on creating and/or implementing a robust Information Governance policy in your organization.
D4 Weekly eDiscovery Outlook
Power your eDiscovery intellect with our weekly newsletter.
Posted May 24, 2017
Unique eDiscovery Challenges with Mobile Device Data and How to Solve Them
Posted May 17, 2017
How to Comply with 21 CFR and HIPAA Data Retention Requirements
Posted May 11, 2017
4 Key Advantages of Conducting Remote Depositions
Posted May 03, 2017
eDiscovery in International Dispute Resolution: What Experts Want You to Know
Posted April 27, 2017
China Expands Data Transfer Requirements for its Cybersecurity Law
Posted April 26, 2017
How to Use Office 365 Advanced eDiscovery to Prioritize Your Review
Posted April 21, 2017
American Bar Association Section of International Law | 2017 Spring Meeting in Washington DC
Posted April 19, 2017
Office 365 Enterprise E5: 6 Features That Could Benefit Your Business
Posted April 12, 2017
Data Reuse in eDiscovery: 4 Questions to Help Start Your Policy
Posted April 05, 2017
ESI Data Mapping Basics for eDiscovery