Bring Your Own Device or Bring Your Own Disaster
Presented By:
Anne Dill, Corporate Associate General Counsel
Mia Belk, Senior Counsel
Shirley Hart, National Leader, End User Technology
Teresa Rider Bult, Managing/ Administrative [email protected]
Agenda
What is BYOD?
BYOD Considerations
• Technology
• Process
• People/Culture
Legal Perspective
• Privacy
• Data Protection
• Litigation
What is BYOD?
BYOD – Bring Your Own Device
• Usually refers to smartphones and tablets
• BYOC, BYOPC, BYOT are similar terms
• Part of the “Consumerization” movement
BYOD Drivers Aren't Coming Just From End Users
[Figure: System Capability over Time, with labels Legacy, Required Functionality, Envisioned Functionality and Effective Functionality Gap]
User Interest
• "I easily bypass IT — they don't get it."
• "I'm too important!" Just this little exception, please. After all I am the boss!
• "I need better equipment!"
Organizational Interest
• Contain rogue devices: more of your employees than you realize are already using their equipment to attach to your network!
• Reduce support burden
• Shift costs to users
• Maintain attractive work environment for hiring
Source: Gartner, 2013
Why BYOD? Does it make business sense?
• Employee satisfaction
• Recruitment and retention
• Productivity
• Risk and compliance
• Cost savings?
Business Reaction to BYOD
• Embrace
• Support
• Ignore
• Restrict
BYO: The Trend Is Clear
• More than 60% of employees report using a personal device for work
• Two thirds of consumers report that work influences what they buy for personal devices
• By 2015, the emphasis will shift toward cost-reduction through mandatory BYOD programs
• PC BYOD Lags Smartphones and Tablets (<8% of companies), but will accelerate in 2014+
Source: Bring Your Own Device: The Facts and the Future, 2013 N=453
How often employees use personal devices for work purposes
BYOD -- Technology
Devices
• SmartPhones/Tablets
• Computers
Management/Control
• Mobile Device Management
• Network Access Control
• Virtual Desktops
• Containerization
Support/Maintenance
BYOD -- Process
Spend
• Stipends, voice/data
Governance Policy
• Data wipe/data storage
• Application usage
Security Support
BYOD – People/Culture
Demographics
• It’s not for everyone
• Younger employees tend to be more proactive and accepting
• Increasing level of computer savvy
Fit with company industry and culture
• Support environment
• Industry perspective
Summary: The BYOD Challenge
• Powerful and connected smartphones and tablets have penetrated every facet of our personal and professional lives and are used continuously over the course of the day.
• Employees increasingly want to use their favorite mobile device for personal and professional use. They want to store personal data and install Internet games on devices used to access enterprise applications and data.
BYO Rationale
• User Perspective:
  – Desire for one device and phone number, not two
  – Desire to fully own the decision process when selecting a personal device
  – Desire for the latest and greatest gadget
• Company Perspective:
  – Increased staff productivity due to better morale & hardware
  – Potential to reduce hardware, monthly service, provisioning and ongoing support costs
• IT Department Perspective:
  – Potential for reduced IT staff workload as users move off employer provided devices and onto BYO devices
BYO Challenges
• Security
  – Enterprise data confidentiality, integrity and availability
  – Liability for personal data (wipe, central storage)
  – Defining the security perimeter
• Applications
  – Impact of heterogeneous device environment on application development and support requirements
• Support
  – Device certification, provisioning and management
• Cost
  – Potential loss of corporate-level volume discounts because of personal purchase.
Enterprises should align user mobility expectations, IT capabilities and the needs of the business. Failure to act may increase security risk as unmanaged mobile devices continue to connect to the enterprise network.
Source: Deloitte
1. Sexting, sexual harassment, and discrimination
2. Social Media Content
3. Off the Clock/ Overtime liability
4. Distracted driving/ Workplace Safety
5. Unsecured data/ Lost Devices
6. Litigation Holds
BONUS CONTENT:
1. Criminal Liability?
2. Terminations and Wiping Devices
3. Performance Management
4. International Law
• 40% of adults up to age 34 admit to “sexting.”
• Text more casual than emailing (if you can believe it!)
New problems:
• Snapchat
• Instagram
Exhibit A: No longer he said/ she said – PROOF.
BYOD PROBLEMS:
• Not owning the device takes away a level of control
• Less control over content – can’t spy on employees’ use of Facebook (or can you?).
Discrimination: Access to employees’ devices may mean employers have more information than they want
• Porn?
• Genetic Information Nondiscrimination Act (GINA)-related concerns.
  • E.g., Diabetes Management App?
Blocking Social Media Sites from Company Network does not block those Sites from BYOD devices
Racist comments posted on Twitter, or a photo of an employee trespassing (even if it's done as a prank), can be used as evidence in a lawsuit that also names the employer as a defendant.
Non-exempt workers with devices present problems (BYOD or not).
Universal Problems:
• Texting:
  • Managers texting non-exempt employees re: scheduling or before-work errands
  • Employees texting re: tardies, changing schedules (how does this affect FMLA notice?)
BYOD problems:
• Non-Exempt Employees with work email on personal devices may be more likely to continue to check emails/ work after they leave.
  • I.e., How do you distinguish when you are working versus not with your own device?
• Exempt employee on leave of absence may work on smartphone or tablet, accessing email and checking in on projects, etc.
  • If employee does work for more than a de minimis amount of time – typically lasting longer than a couple minutes – she may be entitled to an entire week’s pay.
Do you believe your company could be liable for injuries sustained while driving and using a device?
a) Yes
b) No
Would (should?) liability be worse if it is Company-Owned or BYOD?
a) Yes
b) No
$24.7 million involving a 2008 crash in Missouri that killed three people and injured 15.
• Driver of tractor-trailer was checking his phone for text messages; his truck ran into 10 vehicles stopped in backed-up traffic on freeway.
• A plaintiff who sustained serious brain injuries, leaving him paralyzed and unable to walk or talk until his death in 2011, was awarded $18 million; $6 million was awarded to the family of one of the deceased; and $700,000 was awarded to a victim who suffered broken bones.
$21.6 million award for a 2007 crash in Ohio
• driver rear-ended vehicle on freeway in company car, causing the vehicle struck to cross the median into oncoming traffic - one fatality at the scene.
• Cell phone records showed employee driver was using cell phone at the time of crash.
$16.1 million settlement for a 2001 crash in Arkansas
• lumber distributor salesman crashed while talking on his cell driving to sales appointment. The crash severely disabled a 78-year-old woman.
Trade Secrets
• Did you REALLY protect them if they somehow made their way to an employee’s personal device?
Sensitive Data about Clients/ Employees
• Soooo easy to access
• Possibility it could be used against your company in court
Shared Devices (friends, family, neighbors. . .)
Insecure Mobile Access
http://www.milner.com/company/blog/technology/2013/08/26/the-risks-and-danger-of-byod
• FRCP 34
  • party must preserve and produce responsive docs & electronically stored information in its possession, custody & control.
• Control ≠ party having legal ownership or actual physical possession.
• Control = the right, authority or practical ability to obtain docs from nonparty.
  • Likely employer “controls” work product employees create in furtherance of their employment.
• Employers have to collect and produce corporate documents by request even if the documents are in the employee’s home???
Spoliation Sanctions Awarded after defendant corporation failed to preserve or disclose any text messages from a key defendant’s cell phone in response to the plaintiffs’ first discovery request
• http://www.krollontrack.com/resource-library/case-law/?caseid=26480
• No allegation that company issued cell phones to company or that employees used cell phones for any work-related purpose
  • Court ruled that the phone and text messages were not in company’s “possession,” and therefore they had no obligation to produce.
  • But limited to a failure to plead issue.
• Case recognizes that it is difficult, if not impossible, for employers to fully control employees’ usage and deletion of data on personal devices.
BYOD might actually help with spoliation issues?
http://www.lxbn.com/tag/cotton-v-costco-wholesale-corp/
1. Performance Management – Close your eyes!
• If IT has access to the personal content on phones as well as business content, how do you close your eyes to ONLY manage business-performance?
• You may see things on device you don’t want to see.
2. Criminal Liability?
• Once a device is used to perform work, employers have the right to the information on it--and they can be held accountable for any laws broken through its use.
3. Terminations and Wiping Devices
• Most targeted “wipes” require employee to hand over device
• You can typically wipe the entire device remotely, but will wipe ENTIRE device.
4. International Issues
http://www.eweek.com/mobile/slideshows/byod-brings-benefits-but-dont-ignore-the-risks-isf.html
1. Require employees to consent, in writing, to allow the company’s access to its data on their devices.
2. Check Union Contract
3. Restrict BYOD usage by company executives, legal, HR, and other members of your organization who are privy to highly confidential company information
4. Evaluate which other employees you will permit to BYOD (nonexempt?)
5. Install MDM (mobile device management) software
6. Restrict employees from using cloud-based apps, cloud-based backup, or synchronizing with home PCs for work-related data (hard to enforce)
7. No use by friends and family members!
8. Rethink your Exit/ Termination process
9. Clear statements that include consequences (i.e. if you are caught sending sexually explicit texts in the workplace you could face termination)
10. Training programs to address mobile liabilities
11. Heightened security measures like remote wipe and other capabilities
12. Users acknowledge that they understand their personal devices could get confiscated for unspecified periods, in the event of a legal hold.
13. Explain How Much Device support employees will receive
14. Keep track of the BYOD devices in use to ensure adequate document retention and preservation