ILNews

Companies need to draft 'bring your own device' policies

Back to TopCommentsE-mailPrintBookmark and Share

The technology of smartphones and tablets allow professionals to essentially carry a computer wherever they go and, better still for companies, many employees are happy to buy their own mobile device and use it for work.

But while the convenience of handheld, portable computers enables employees to peruse email, communicate with clients and review documents without being tied to the office, the “bring your own device,” or BYOD, trend is creating tensions between how much access an employer can have to the worker-owned device and how much privacy an employee can expect.

Companies are concerned about security, keeping confidential data from falling into a competitor’s hands, and preventing financial account numbers from becoming known to hackers.

Employees want to keep prying eyes, including those of their employers, from looking at the photos of their children, text messages from friends and emails from family stored on their mobile devices.

baker Baker

Drawing a bright line between access and privacy is not possible, attorneys say. Still, rules and policies must be formulated to provide some guidance so businesses and workers will have some idea of what will happen when a company’s security is breached.

Attorneys, however, disagree from where that guidance should come. The role that market forces, courts and statehouses should play sparks debate because of the complex nature of the BYOD questions and the pace at which technology changes.

Setting company policy

Nathan Baker compared smartphones to sunglasses – they are always being left behind.

The Barnes & Thornburg LLP partner said companies must be prepared for employees’ mobile devices to get lost or stolen. Protection measures like encryption and firewalls that are common on desktop and laptop computers are not easily applicable to smartphones and tablets. So whenever an employee leaves the office with the mobile device, company data will be walking around in public with little security.

Companies can mitigate the damage by having BYOD policies which lay out the expectations and requirements. But a policy alone is not enough, Baker said. Companies also need to train their workers on what the policies say and institute methods for ensuring the employees are complying with the rules.

Baker highlighted the hypothetical situation of an employee’s mobile device being stolen and the company wanting to remotely erase the data. Employees will less likely object to having their phones wiped – which will also obliterate their personal information – if they know long before their items are lost what the process will be.

A second reason for training and compliance is litigation, Baker said. If a company becomes the subject of a lawsuit, work-related items on employee-owned devices will have to be preserved for discovery purposes.

Failure to do so can bring stiff spoilage sanctions. One example of this came in January 2014 when the U.S. District Court for the Southern District of Illinois slapped pharmaceutical manufacturer Boehringer Ingelheim with a $900,000-plus fine, in part, because the company did not tell its employees to save work-related text messages on their personal phones.

Courts and legislatures

grayson-ann.jpg Grayson

Ann Grayson, partner at Barnes & Thornburg, pointed to the Boehringer Ingelheim sanction as an example of the courts providing guidance.

The bench, she said, will face more cases involving employee-owned mobile devices and as it issues more rulings, direction will emerge on how companies and workers can navigate the tension between privacy and access. The court decisions will give an idea of where the judiciary is headed on this matter and help inform business about how to craft policies.

Attorney Cameron Shilling, director and chair of the privacy and data security group at McLane Graf Raulerson & Middleton in New Hampshire, believes the job of defining what belongs to a company and what belongs to an employee in a BYOD world will need to be handled legislatively.

The courts, he said, do not understand the concept of company data on employee hardware. Moreover, disputes arising from BYOD do not always provide a legal issue that can be addressed by the judicial system, and any remedy that comes from the courts usually does not arrive fast enough given the speed at which BYOD matters can move.

He is helping to draft legislation to be introduced into the New Hampshire Legislature this fall. Shilling believes the measure, which will define personal data versus company data and personal device versus company device, will be the first of its kind in the nation.

An employer has a right to retrieve company data from an employee-owned mobile device, Shilling said, but the employer has no right to invade the privacy of the employee.

Businesses want tough regulation to force workers to give back company data, he said. But, he continued, any legislation should extend employee privacy to company hardware. The current thinking holds if an employee uses a company computer for personal business, the employer has a right to look at the data and the employee has no privacy.

“I disagree,” Shilling said. “I think to be fair we have to recognize a rule that says an employer shouldn’t unnecessarily invade personal data of an employee on a company device.”

Baker was hesitant about a solution coming from a statehouse.

“I’m always concerned when the legislature steps in particularly on issues like this that are still so new,” he said, explaining legislation typically prevents or prohibits things, and it’s too early to tell where this issue and technology are headed.

The market, he said, may be able to provide the answers. He noted the practice of some employers asking for passwords to job candidates’ Facebook pages. State legislatures enacted laws restricting that practice but, Baker said, the problem largely solved itself when the public’s adverse reaction to the practice made employers quit.

Attorney Ken Mortensen, managing director of the risk assurance practice at PwC U.S., said the judicial branch and the legislative branch can address the problems of BYOD.

Mortensen served as a panelist on one of two seminars examining BYOD issues during the August American Bar Association annual meeting. He joined the discussion on the collision between personal privacy and corporate security.

Shilling participated on the second seminar during the ABA meeting, which also examined privacy and data security concerns.

The courts will have to consider the issue and the legislatures will have to pass laws to address the concerns over the conflict between privacy and protection, Mortensen said. Legislatures are not better than the courts, he said, but the legislative branch can address the matter more comprehensively while a court’s ruling will be based on the facts of a particular case.

Both Baker and Grayson noted a key hurdle to finding a solution to BYOD issues. The variability of the situations coupled with the constant updates to mobile devices make blanket remedies difficult to formulate.

“Because of the ever-changing technology with smartphones and mobile devices, the challenge is about the time you set a rule, a new problem crops up,” Grayson said.•

ADVERTISEMENT

Post a comment to this story

COMMENTS POLICY
We reserve the right to remove any post that we feel is obscene, profane, vulgar, racist, sexually explicit, abusive, or hateful.
 
You are legally responsible for what you post and your anonymity is not guaranteed.
 
Posts that insult, defame, threaten, harass or abuse other readers or people mentioned in Indiana Lawyer editorial content are also subject to removal. Please respect the privacy of individuals and refrain from posting personal information.
 
No solicitations, spamming or advertisements are allowed. Readers may post links to other informational websites that are relevant to the topic at hand, but please do not link to objectionable material.
 
We may remove messages that are unrelated to the topic, encourage illegal activity, use all capital letters or are unreadable.
 

Messages that are flagged by readers as objectionable will be reviewed and may or may not be removed. Please do not flag a post simply because you disagree with it.

Sponsored by
ADVERTISEMENT
Subscribe to Indiana Lawyer
  1. I have been on this program while on parole from 2011-2013. No person should be forced mentally to share private details of their personal life with total strangers. Also giving permission for a mental therapist to report to your parole agent that your not participating in group therapy because you don't have the financial mean to be in the group therapy. I was personally singled out and sent back three times for not having money and also sent back within the six month when you aren't to be sent according to state law. I will work to het this INSOMM's removed from this state. I also had twelve or thirteen parole agents with a fifteen month period. Thanks for your time.

  2. Our nation produces very few jurists of the caliber of Justice DOUGLAS and his peers these days. Here is that great civil libertarian, who recognized government as both a blessing and, when corrupted by ideological interests, a curse: "Once the investigator has only the conscience of government as a guide, the conscience can become ‘ravenous,’ as Cromwell, bent on destroying Thomas More, said in Bolt, A Man For All Seasons (1960), p. 120. The First Amendment mirrors many episodes where men, harried and harassed by government, sought refuge in their conscience, as these lines of Thomas More show: ‘MORE: And when we stand before God, and you are sent to Paradise for doing according to your conscience, *575 and I am damned for not doing according to mine, will you come with me, for fellowship? ‘CRANMER: So those of us whose names are there are damned, Sir Thomas? ‘MORE: I don't know, Your Grace. I have no window to look into another man's conscience. I condemn no one. ‘CRANMER: Then the matter is capable of question? ‘MORE: Certainly. ‘CRANMER: But that you owe obedience to your King is not capable of question. So weigh a doubt against a certainty—and sign. ‘MORE: Some men think the Earth is round, others think it flat; it is a matter capable of question. But if it is flat, will the King's command make it round? And if it is round, will the King's command flatten it? No, I will not sign.’ Id., pp. 132—133. DOUGLAS THEN WROTE: Where government is the Big Brother,11 privacy gives way to surveillance. **909 But our commitment is otherwise. *576 By the First Amendment we have staked our security on freedom to promote a multiplicity of ideas, to associate at will with kindred spirits, and to defy governmental intrusion into these precincts" Gibson v. Florida Legislative Investigation Comm., 372 U.S. 539, 574-76, 83 S. Ct. 889, 908-09, 9 L. Ed. 2d 929 (1963) Mr. Justice DOUGLAS, concurring. I write: Happy Memorial Day to all -- God please bless our fallen who lived and died to preserve constitutional governance in our wonderful series of Republics. And God open the eyes of those government officials who denounce the constitutions of these Republics by arbitrary actions arising out capricious motives.

  3. From back in the day before secularism got a stranglehold on Hoosier jurists comes this great excerpt via Indiana federal court judge Allan Sharp, dedicated to those many Indiana government attorneys (with whom I have dealt) who count the law as a mere tool, an optional tool that is not to be used when political correctness compels a more acceptable result than merely following the path that the law directs: ALLEN SHARP, District Judge. I. In a scene following a visit by Henry VIII to the home of Sir Thomas More, playwriter Robert Bolt puts the following words into the mouths of his characters: Margaret: Father, that man's bad. MORE: There is no law against that. ROPER: There is! God's law! MORE: Then God can arrest him. ROPER: Sophistication upon sophistication! MORE: No, sheer simplicity. The law, Roper, the law. I know what's legal not what's right. And I'll stick to what's legal. ROPER: Then you set man's law above God's! MORE: No, far below; but let me draw your attention to a fact I'm not God. The currents and eddies of right and wrong, which you find such plain sailing, I can't navigate. I'm no voyager. But in the thickets of law, oh, there I'm a forester. I doubt if there's a man alive who could follow me there, thank God... ALICE: (Exasperated, pointing after Rich) While you talk, he's gone! MORE: And go he should, if he was the Devil himself, until he broke the law! ROPER: So now you'd give the Devil benefit of law! MORE: Yes. What would you do? Cut a great road through the law to get after the Devil? ROPER: I'd cut down every law in England to do that! MORE: (Roused and excited) Oh? (Advances on Roper) And when the last law was down, and the Devil turned round on you where would you hide, Roper, the laws being flat? (He leaves *1257 him) This country's planted thick with laws from coast to coast man's laws, not God's and if you cut them down and you're just the man to do it d'you really think you would stand upright in the winds that would blow then? (Quietly) Yes, I'd give the Devil benefit of law, for my own safety's sake. ROPER: I have long suspected this; this is the golden calf; the law's your god. MORE: (Wearily) Oh, Roper, you're a fool, God's my god... (Rather bitterly) But I find him rather too (Very bitterly) subtle... I don't know where he is nor what he wants. ROPER: My God wants service, to the end and unremitting; nothing else! MORE: (Dryly) Are you sure that's God! He sounds like Moloch. But indeed it may be God And whoever hunts for me, Roper, God or Devil, will find me hiding in the thickets of the law! And I'll hide my daughter with me! Not hoist her up the mainmast of your seagoing principles! They put about too nimbly! (Exit More. They all look after him). Pgs. 65-67, A MAN FOR ALL SEASONS A Play in Two Acts, Robert Bolt, Random House, New York, 1960. Linley E. Pearson, Atty. Gen. of Indiana, Indianapolis, for defendants. Childs v. Duckworth, 509 F. Supp. 1254, 1256 (N.D. Ind. 1981) aff'd, 705 F.2d 915 (7th Cir. 1983)

  4. "Meanwhile small- and mid-size firms are getting squeezed and likely will not survive unless they become a boutique firm." I've been a business attorney in small, and now mid-size firm for over 30 years, and for over 30 years legal consultants have been preaching this exact same mantra of impending doom for small and mid-sized firms -- verbatim. This claim apparently helps them gin up merger opportunities from smaller firms who become convinced that they need to become larger overnight. The claim that large corporations are interested in cost-saving and efficiency has likewise been preached for decades, and is likewise bunk. If large corporations had any real interest in saving money they wouldn't use large law firms whose rates are substantially higher than those of high-quality mid-sized firms.

  5. The family is the foundation of all human government. That is the Grand Design. Modern governments throw off this Design and make bureaucratic war against the family, as does Hollywood and cultural elitists such as third wave feminists. Since WWII we have been on a ship of fools that way, with both the elite and government and their social engineering hacks relentlessly attacking the very foundation of social order. And their success? See it in the streets of Fergusson, on the food stamp doles (mostly broken families)and in the above article. Reject the Grand Design for true social function, enter the Glorious State to manage social dysfunction. Our Brave New World will be a prison camp, and we will welcome it as the only way to manage given the anarchy without it.

ADVERTISEMENT