BYOD Stirs Up Legal Problems

Does BYOD put your company in murky legal water? You bet. Employees need protections, too.

Wed, May 09, 2012
Page 2

Slideshow: 10 Coolest Tech Devices to Bring to Work

This legal white-hot knife cuts both ways; employees need personal protections, too.

Companies (and IT departments) can be just as sneaky when it comes to BYOD. Abuses of access run rampant in the tech industry, headlined by Hewlett-Packard surreptitiously obtaining phone records of board members and press in order to ferret out leakers in 2006.

Today, companies will pressure employees to give up Facebook passwords for hiring and firing purposes. What does this mean for BYOD? Most employees have a Facebook app on their personal smartphones and tablets, whereby the app automatically logs them in with their usernames and passwords. When those devices are in the hands of IT, all of a person's Facebook account is accessible.

Tomhave advises employees to lawyer up before signing the BYOD agreement. He envisions a cottage industry of legal advice that helps employees build a privacy protection shield. "You'll want to sign a policy that clearly delineates what the business is allowed to do and not allowed to do," including conditions for seizing and searching the BYOD device in the first place, he says.

Another alternative is to go back to the days of carrying around multiple devices: a personal smartphone and a business smartphone, even if that business phone falls under BYOD. That way, you don't run the risk with crossover.

It's clear that companies and employees need good legal agreements in place for participating in a BYOD program. Unfortunately, such agreements are scarce.

"I don't think a complete risk analysis has been done on any of this stuff," Tomhave says. "A lot of organizations are playing catch-up."

Tom Kaneshige covers Apple and Consumerization of IT for Follow Tom on Twitter @kaneshige. Follow everything from on Twitter @CIOonline and on Facebook. Email Tom at

Our Commenting Policies