What are the legal risks of BYOD? In a recent TechLaw10 podcast, lawyers Eric Sinrod and Jonathan Armstrong discuss the many ways that corporate data ends up on personal devices, whether sanctioned or not, and how the impacts organizations from a legal perspective. The podcast discusses a specific scenario where corporate / sensitive data was put on a personal device but, thanks to auto-saving and back-ups, that data ended up in the cloud, unencrypted and unprotected, resulting in a breach.
Organizations have a legal requirement to protect data, which includes everything from training and document retention policies to protecting devices and ensuring only sanctioned devices have access to corporate data. When companies fail to meet these requirements, heavy fines can be levied. The podcast discusses several options that could have mitigated the breach discussed above, as well as other BYOD topics. Listen to this podcast in full here.
To continue the discussion about the case study where a non-work computer breached corporate data, Jonathan Armstrong co-authored a blog post with André Bywater on how to ensure data protection compliance with a home working policy.
TechLaw10 is a 10-minute audio podcast update from U.S. lawyer Eric Sinrod and UK lawyer Jonathan Armstrong where they share insights on developments where technology intersects with the law in the EU and the U.S. Check out the full series of podcasts here or subscribe on iTunes.