Is Your Employee’s iPhone A Ticking Timebomb

September 26, 2013 at 8:28 am Leave a comment

This week marked the latest consumer frenzy accompanying the release of what feels like the twentieth version of the iPhone.  Whereas many of you may enjoy the sight of adults arriving at work with the eagerness of children going to school the day after their birthday to show off their newest toys, I am unabashedly part of a profession dedicated to protecting people against their over-exhuberance.  So, remember that every time your employee brings a new portable device to work, it raises important issues related to data protection that are particularly important for financial institutions to remember.

Surveys indicate that the vast majority of companies authorize employees to bring their own devices into the workplace (so called BYOD policies) as opposed to buying the gadgets for work use only.  Let’s be honest, an office that doesn’t have a WiFi hookup, let alone let their employees keep up with their “Facebook friends” during downtimes may be doing the right thing on paper, but isn’t exactly creating the type of environment to attract the best and the brightest, at least if they’re under 40.

But, as Pedro Pavon points out in an excellent article in the September issue of the ABA’s Business Law Today Journal, “BYOD policy presents companies with a myriad of risks and challenges . . .”  Lawyers advising clients need to emphasize that “the biggest risk with BYOD is data loss.”  I think this is particularly true of financial institutions irrespective of your size.  The line between work and home blurs every time an employee responds to an after work email; stores a password on his or her smartphone; or forwards a document to a co-worker while on the way to work.  Ask yourself a simple question:  if one of your employees misplaces her cell phone today, what information could a hacker have access to tomorrow?  If you don’t know the answer, or you do know the answer but think there is nothing you can do about it, then it is time to sit down with your IT people and your policy drafter and get to work.

According to the article, one option is to use technology specifically designed to monitor mobile hardware.  The software will, for example, allow you to wipe the data off a smart phone and track a smartphone’s whereabouts.  You could also mandate the use of PINS on someone’s personal smartphone.  The problem with all of this, of course, is that the company is seeking to take control of someone’s personal device.  When you wipe my cell phone clean and I find it in the laundry pile the next day, I am going to be less than amused that I have to reconstruct the contact list from my poker group just because my employer is justifiably paranoid.  The best bit of advice from Pavon is that as companies acquire tracking software and develop policies, employees are told exactly what information and capabilities employers want to give themselves in return for allowing employees to bring their own devices.

A second piece of the puzzle is that employers responsible for monitoring smart phone usage know exactly where the company’s legitimate need to monitor employee technology cross the line from legitimate work purposes to voyeurism.  This line won’t always be easy to figure out, but having everyone buy in to not only the use of technology in the workplace, but the need for legitimate protections from data breach are the crucial first step that none of you should put off.

Entry filed under: HR, Legal Watch. Tags: , .

Joint Guidance Issued On Elder Abuse I’ve Seen The Enemy And It Is Us

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed


Authored By:

Henry Meier, Esq., General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 452 other followers

Archives