Posted on: March 26, 2014 in Blog
BYOD and ESI | 5 Things You May be Leaving Out of Your BYOD Policy
Bring your own device, or BYOD. When uttered, that four-letter acronym curls the nose hairs of every IT professional!
The nerds have relinquished control!
But all hope is not gone as you have just been asked to help create a BYOD policy. Of course, one must consider electronic discovery when creating a BYOD policy.
How will the data be extracted from the mobile device? How can it be preserved and collected? What about personal data commingled with business records? Does the corporation have the authority to seize a personal device? How can the data be reviewed?
Is it really that big of an issue? Is it just a fad? Well, even the White House has guidelines for agencies that want to have such a policy.
A BYOD policy is no longer a nice-to-have; it is almost a necessity. Here are some ideas to consider when creating that policy.
1. A statement in your BYOD policy that states devices cannot be shared, used or accessed by others and that includes friends and family
If your household is like mine, then you have small humans bouncing around and they love gadgets. I broke down and purchased my kids iPad minis for Christmas. Despite my generosity, they still pester me about using my iPhone and iPad. Both devices are used for work and I am adamant that no one but me uses them. I use these devices to create, receive and store important and sensitive business records. I placed passcodes on all my devices and I am the only one who has those codes. How easy would it be for a precocious toddler to accidentally forward a sensitive e-mail to a random contact? Or delete an important text or document? Consider including a statement in your BYOD policy that states devices cannot be shared, used or accessed by others, and that includes friends and family.
2. Look beyond the base applications that come standard on most smart devices.
For example, look at secure email applications such as Good. Such applications may require an investment in infrastructure, but deliver an added layer of security that may not be available in most default mail applications.
3. Look into a Mobile Device Management (MDM) solution.
Again, this may require an investment on the part of an organization, but an MDM solution such as MobileIron can limit the apps that a user can download and can initiate a remote device wipe if a device is lost. More sophisticated systems can even disable access to corporate assets if the device violates a usage policy.
4. Request the password to the user's iTunes account.
If your organization doesn’t have the means to deploy a mobile device management policy, but still wants to have the ability to remotely wipe a lost device, request the password to the user’s iTunes account. Yes, a user may be hesitant to let you have it, but hey, you already have their password for their laptop, etc. I am not a lawyer and there may be privacy issues with this approach; however, it is a good way to monitor the applications being installed on the device. The user needs to make sure they are careful with the “selfies”… and of course, the IT department must remember that with great power comes great responsibility.
5. AUDIT the BYOD policy and have a zero tolerance policy.
While it was mentioned that an MDM can detect non-compliant devices, not everyone is going to deploy such a system. A policy is not worth the paper it’s printed on if it is not enforced. And to enforce a policy, one must monitor. At the low end this may mean random checks of employees’ devices to ensure they are complying with the BYOD policy. If you find folks who are violating the policy, you may give them a warning the first time, and the second time it is bye-bye to BYOD for that employee. Whatever the decision is, make it fair and apply the punishment consistently.
Some neat facts about smartphone users in the U.S.:
- 50% of the entire US population uses a smart device; by 2017 that percentage will increase to 68%.
- 132 minutes is the average amount of time spent each day on Communication and Social Media.
- 4/5 smartphone users check their phone within 15 minutes of waking; 80% say it’s the first thing they do in the morning.
- 79% of smartphone users have their phone on them all but 2 hours of their waking day.
Schedule a Complimentary Consultation with an expert today if you want expert advice on creating and/or implementing a robust Information Governance policy in your organization.