Tuesday, June 12, 2012

The Legal Implications of BYOD

With so many of us using our personal phones and iPads for work (Bring Your Own Device), I thought that this article from the InfoLawGroup would be worth a read.

"... The first rule of policy development and compliance is to create policies that can be followed and will be followed when implemented. Policies should not be aspirational and should reflect the “reality on the ground” as closely as possible. If certain BYOD activities are already taking place, it may be necessary to develop policies that reflect those activities or terminate or limit certain activities on a going forward basis ..."

"... Overall, the policy and control set around BYOD should be made flexible enough to deal with unusual situations. This is especially important in the BYOD context because personal device technology and risks are constantly evolving at a very rapid pace ..."

"... Device configuration requirements may include enabling wiping/bricking capabilities of a device, disabling automatic back-up or cloud storage of data stored on a device, prohibiting the use of a personal device as a mobile hotspot, requiring or prohibiting certain application installation, enabling auto-patching for operating systems and applications, and prohibiting jail breaking or modding of devices. The policy will often also require employees to install mobile device management or other software on personal devices. These system, software and configuration requirements often vary depending on the particular type of personal device and/or operating system, and may need to be updated when new devices are being used or new security vulnerabilities discovered ..."

No comments: