Thursday, September 11, 2014

Do your BYOD employees understand the remote-wipe?

Remote_Wipe_Apple_iPhoneMy kids are growing up. For example, we’ve now graduated from me having to wake them up in the morning for school and helping my son get dressed, to his big sister setting the alarm on her iPod, and both kids waking up and dressing without parental supervision. There is one area, however, for which my 6-year-old still requires help. Every now and again, I will hear the familiar cry of, “Daddy, I went poopies,” which beckons me into the bathroom to inspect, and, if necessary, aid his wiping technique.

Employers and employees are getting used to wiping of another kind—the remote wiping of employees’ personal mobile devices.

More and more employers are embracing BYOD (“bring your own device”) as a win-win for employers and employees. Employees get to use the device of their choice, without having to juggle multiple gadgets, while employers save on hardware costs. One survey I read (as cited by the Wall Street Journal) suggested that by 2017, half of all employers will stop providing mobile devices to employees and require them to use their own for work.

The use of personal devices for work, however, raises an important issue. How do employer ensure that company information is removed from a device if it goes missing or if an employee leaves the business. The answer is the employer must have the ability to remote-wipe the device to remove its data. What happens, however, if a remote-wipe compromises an employee’s personal data? I would argue that it is the risk employees take for BYODing. Employer have to be able to guarantee the security of their own information, even if it might compromise employee’s personal data.

SHRM predicts that “as state and federal regulations struggle to keep up with new technology, an employer’s ability to wipe employee personal cell phones and devices will likely be tested through the courts.” How can you best protect your organization from the risk of lawsuit by an employee who loses personal data through your remote-wipe of a mobile device? Have a BYOD policy—upon which employees place their John Hancock attesting to having read and understood the policy—which unequivocally states that:

  1. the employee’s phone will be wiped (remotely or otherwise) of all company-related information if the device is reported lost or stolen and upon the termination of employment;
  2. the employee understands that this wiping could result in the loss of personal data or information; and
  3. the employee indemnifies the company for an loss or damage that may result from the wiping of the phone under the policy.

With those protection in place before an employee decides to use his or her own personal device for work, an employee will have a harder time challenging the after-effects of a remote wipe.

As for my son, that’s for another day…

[Image by Intel Free Press [CC-BY-2.0], via Wikimedia Commons]