Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

BYOD Lawsuits Loom as Work Gets Personal

Tom Kaneshige | April 23, 2013
Will BYOD lead to a rash of lawsuits from employees who feel violated? Or maybe a headline-grabbing, class-action lawsuit? Your company better make sure it has an explicit terms-of-use BYOD agreement. Here are ways companies can protect themselves.

However, this doesn't mean problems won't crop up.

Part of the problem is that BYOD often puts business unit managers who aren't well-versed in technical user agreements in a leadership position with mobile apps. They're likely to give the green-light to rogue mobile apps that violate such agreements.

For instance, employees are chiefly concerned about privacy and especially location-based services with BYOD, and so many user agreements stipulate that apps will not collect location-based information. But then someone wants to be helpful and builds a map app for the corporate campus that allows employees to schedule conference rooms and find safety information, such as where to go if there's a tornado.

"Maybe there's also a button on there that says where you are in the campus," Marshall says. "All of a sudden people wake up and realize that every single device using that app is collecting location-based information-that's an issue."

Sound far-fetched? "These are really plausible scenarios," Marshall adds. "There's so much copy and paste and reuse of all these components that these things can happen very innocently."

AirWatch CEO John Marshall

Then there's the dreaded remote wipe, which can land a company in some legal hot water.

Just last year, CIOs said they felt comfortable with BYOD because they held security's holy grail: remote wipe, a scorched-earth capability for wiping all data on a mobile device. (For more on this, check out BYOD Troubleshoot: Security and Cost Savings.)

But employees weren't happy with the idea that the company can wipe personal data on their personal device. Some employees refused to participate in the BYOD program for this reason. Others waited days or weeks before reporting a lost or stolen device so that IT wouldn't wipe it. In late 2010, NPR told the story of a woman's BYOD iPhone mistakenly wiped by her employer, resulting in lost contacts and photos.

MDM software advanced quickly and seemed to come up with a fix. Now companies can wipe only corporate apps from a BYOD smartphone or tablet, leaving personal apps untouched. In fact, AirWatch won't even allow a full device wipe anymore for legal reasons.

While this helps tremendously, it doesn't completely solve the problem.

Let's say a company buys the popular productivity app, Evernote, for employees to put on their BYOD smartphones. Since the company paid for the app, the company can remove it at any time. The note-taking app collects company data but also might store personal data, too. An employee can use Evernote to create a shopping list, recipes, vacation plans, or perhaps something more critical to their job.

Guess what happens to this personal data when the employee leaves the company? The app, along with all the data, is wiped from the device and account. If the BYOD terms-of-use agreement regarding Evernote wasn't spelled out clearly, who is liable for the lost data?

 

Previous Page  1  2  3  Next Page 

Sign up for MIS Asia eNewsletters.