IT World Canada recently published some advice on the importance of understanding the legal issues involved in enterprise mobility programs. In the article, “The enterprise mobility due diligence IT execs need to do,” author Lou Milrad explores the legal issues that affect mobility programs, be they BYOD or corporate-issued alternatives.
Given the many drivers behind the BYOD movement, among which is the desire by employees to use a single device for personal and office use, organizations have been implementing single-device strategies that restrict and control access to corporate servers and data, while also offering a partition of the device for personal use. BYOD, COPE and their variants all attempt to find the right balance of data protection and legal requirements with the flexibility required by employees.
The article references a whitepaper, “BYOD: Is Your Organization Ready?,” put out by the Information and Privacy Commissioner of Ontario, Canada, that has a handy table to help differentiate between BYOD program types, as well as the privacy and security risks inherent in BYOD programs.
The article sets out the importance of connecting your mobile strategy with your end-to-end security policies to ensure that data remains protected:
“While mobile devices come in a variety of designs and dimensions, ranging from smart phones, tablets to phablets, and sometimes include notebooks (in the ever-diminishing size), your organizational strategy must, of necessity, translate into a policy that reflects security and privacy containment – a policy that prohibits access and retention for personal benefit or possible disclosure, inadvertently or by design, of organizationally privileged and sensitive data, as well as that category of data required by law to be maintained as private or confidential.”
In determining a mobile approach, the article suggests a risk assessment that recognizes the potential for mobile devices to expose data in any number of ways: external intrusions, data destruction, unauthorized or inadvertent disclosure of data, loss of the device, and considerations around cloud-based services. How can your organization ensure corporate and protected data is not transferred to personal devices and accounts? What risk mitigation steps can be taken to protect data on mobile devices?
While the mobility landscape is changing and complex, we are here to help. Absolute Computrace, for example, provides foundational support for all activities related to Governance, Risk Management, and Compliance (GRC) for the endpoint. We know mobility and BYOD can be complicated.