A balanced BYOD policy is better all round

1 2 Page 2
Page 2 of 2

Risking user revolt

The big danger is that the user experience will change, and that is when you lose the goodwill of the users. “Consumerisation and Apple’s dominance of the tablet market should have taught us that user experience is everything. If we try to take the user backwards to a less optimal experience then I think they will look to find ways round it,” warns Dancer.

Partitioning, while it is a logical solution, fails this usability test. Creating two devices in one, on the same hardware, means the user has to think which one they’re in - which inevitably means some work will be done in the wrong part of the device. By definition it won’t be easy to move your work from one device partition to the other, so there will be corporate information in the wrong place over which the company will have no control.

Education is essential for a successful mobile usage policy, says Christopher Davies, employment lawyer at national law firm Gateley. The problem is that few people understand that the content of their phone is the company’s intellectual property.

“Employees’ gadgets remain their property, but anything created on them for work purposes belongs to the company. That may sound obvious, but, if it is not clearly set out in a policy document it may lead to later disputes,” says Davies.

You need to communicate, in as friendly a way as possible via presentations, awareness events of even by making a short film, the concept that any information created at work for work, whether documents, photos, notes or similar content, becomes the intellectual property of the company.

Mark Webber, a partner and head of technology at law firm Osborne Clarke, which specialises in advising digital businesses, has some pointers for devising policy.

Most legal traps associated with BYOD can be dealt with if there is good communication and consistent policy as long as the policy is communicated up-front, says Webber. Interfering with the end user’s devices is the legal minefield you have to be wary of, and it’s especially scary for those whose users are covered by European law.

“It is all too easy to fall foul of laws which prevent interception and the use of an individual’s location without their consent,” says Webber. “This consent ought to extend to all the possible interventions. It’s not just about deleting information, it’s about routine maintenance and updating software.”

Any access to an employee’s device ought to be subject to obtaining the prior informed consent of the employee. This should be given freely and voluntarily and employees should be fully informed up-front in a well prepared BYOD Policy.

Honest and up-front

You can protect yourself from the potential liability of wiping the boss’s iPad if you have notified them up-front of aspects of BYOD policy, reminding them that the employer may exercise certain control rights like mandating strong passwords or auto-wipe of devices after a prescribed number of failed password attempts. Put it in writing that there will be no compensation in the event of loss of personal data or information from the device as a result of the employer’s actions and remind people that it would be prudent to regularly back up device contents and data.

If a company allows their data to be transferred to another machine, they are responsible for it, says Norman Shaw, MD of ExactTrak. “The Information Commissioner is quite clear on this. The CIO will be ultimately held responsible for data which is lost via an employee’s personal device,” says Shaw.

“It is surprising that so few businesses alter their employees’ contracts to reflect the BYOD trend and iron out any ambiguity over data security responsibility,” says Shaw. “If employees are aware that transferring certain files onto their devices breaks their contracts, it may make them think twice before doing so.”

Creating a BYOD policy

Copyright © 2012 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
7 secrets of successful remote IT teams