How to balance a company’s need to protect data against employees’ rights to privacy By Jason Moody As bring your own device (BYOD) takes root in enterprises, the line separating personal and corporate data has blurred. For employees, it usually seems simple: work email and files belong to the company. Personal email and family photos belong to the employee, and the company should have no access rights. But employers, focused on risk, are struggling to set proper policies, parameters and expectations. Depending on the industry, size, locations and other risk factors, companies take dramatically different approaches toward BYOD policies. A company with a dozen employees in one location may have no issues with employees using their inexpensive personal tablets to receive corporate email. At the other extreme, a company with thousands of employees and offices around the world may require access to any personal device used for work for the purpose of wiping the device clean in the event it’s lost or the employee leaves the company. SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe What’s the right balance between a company’s need to protect data and an employee’s right to privacy? Left unanswered, this question presents a significant risk to employees (e.g., privacy, job security) and employers (e.g., regulatory fines, loss of IP and reputation). And even when the questions are answered, if the governing policies aren’t effective and enforceable, risks remain. To answer these questions and create enforceable BYOD policies, bring all the relevant stakeholders together to make sure everyone understands the issues and agrees on an outcome. HR, legal, IT and end-user representatives must be involved, and the focus should be on educating each group about the concerns of the others and the consequences of getting it wrong. It’s imperative that IT bring to the table a deep understanding of new technology options that will enable employees to use their personal devices while protecting both user privacy and corporate data. Most important for stakeholders is recognizing that if they agree on a policy, and if the reasons for the policy are clearly explained to all employees, then most users will accept the policy and not try to find unsanctioned workarounds that may compromise the company. The need for education, specifically education employees are required to pay attention to, cannot be overstated. Failing to explain why employees cannot use their personal devices leads to the rise of “shadow IT.” Everyone must understand in very clear terms the potential dangers. As BYOD and other emerging technologies bombard an often shell-shocked IT department, companies will continue to face new ethical dilemmas. But by getting all stakeholders to agree on appropriate policies, companies can resolve the ethical questions around BYOD. The result creates a technology framework that enables employees to use their personal devices for work while keeping personal information separate and safe while allowing IT to control and protect sensitive data. Related content opinion What 15 Years in Telecom Taught Me about Enterprise Mobility The changes keep coming By Neal Foster Nov 06, 2014 3 mins Small and Medium Business Telecommunications Industry Mobile opinion How Does Endpoint Security Change in a BYOD World? Four Best Practices for "Any Point Systems Management" By David Kolba Nov 04, 2014 3 mins Small and Medium Business Mobile opinion Mobility/BYOD = Power to the People Changing the way we work By Roger Bjork Oct 30, 2014 3 mins Mobile Device Management Careers Security opinion In BYOD We Trust Why a successful BYOD strategy depends on trust between employer and employee By Tom Kendra Oct 28, 2014 3 mins Careers Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe